To begin the application process, please enter your email address.
Company Contact Info
- Lake Forest, IL 60045
Sorry, we cannot save or unsave this job right now.
Report this Job
Saving Your Job Alert
Job Alert Saved!
Could not save Job Alert!
You have too many Job Alerts!
This email address has reached the maximum of 5 email alerts. To create a new alert, you will need to log into your email and unsubscribe from at least one.
Email Send Failed!
Sr IT SOX Auditor
Grainger • Lake Forest, IL
Posted 20 days ago
Grainger is a broad line, business-to-business distributor of maintenance, repair and operating (MRO) supplies and other related products and services. More than 3.2 million businesses and institutions worldwide rely on Grainger for products such as safety gloves, ladders, motors and janitorial supplies, along with services like inventory management and technical support. These customers represent a broad collection of industries including commercial, government, healthcare and manufacturing. They place orders online, on mobile devices, through sales representatives, over the phone and at local branches. Approximately 5,000 suppliers provide Grainger with more than 1.6 million products stocked in Grainger’s distribution centers and branches worldwide.
As part of Grainger’s Global Internal Audit Team, the Senior IT SOx Auditor will primarily be responsible for independently evaluating the design and effectiveness of Grainger’s key IT controls for financial reporting (ICFR) as part of the enterprise SOx 404 assessment. Additionally, this person is expected to develop and maintain effective working relationships with the global Controllership teams, including Global Internal Controls Teams and IT ICFR owners.
Principal Duties & Responsibilities
The Senior IT SOx Auditor will work within the general guidelines provided by Internal Audit Manager in connection with Grainger’s SOx 404 process. The role’s key duties and responsibilities are as follows:
- Participate in the development of the annual SOx testing plan.
- Plan, perform and document field work to evaluate the effectiveness of key IT internal controls for financial reporting (ITGC and Application Controls).
- Perform testing and review staff auditors’ testing to ensure risks are appropriately identified, associated audit procedures are applied and related controls are designed and operating to mitigate the identified risks. Also, ensuring automation of procedures whenever possible. Identify and update the SOx 404 Framework for control and/or testing changes identified through testing. Ensuring testing documentation provided to external auditors to rely upon meets their standards.
- Prepare and report control deficiencies upon discussion with business owners, collaborate with business owners regarding recommendations to address the root cause of issues and report on the status of implementation of management remedial actions.
- Train and supervise other auditors (internal or external) in all phases of SOx 404 testing, including advance preparation, monitoring the progress of the auditors assigned to the project, and reporting results of the audit. Develop and maintain training material for Sox 404 testing. Provide feedback to staff auditors and assistance in their development including assisting the Manager with performance reviews.
- Manage relationship with external auditors including understanding expectations, providing status updates, and addressing comments for reliance work.
- Assist the Manager with reporting status and deficiencies to Management and the Audit Committee.
- Ability to assist with Entity Level Controls and SOC-1 Testing which may including planning, testing, and/or reviewing other auditors’ testing
- Participate in cross-functional committees designed to enhance overall governance compliance program development and continuous process improvements.
- Develop and maintain effective working relationships with the global Controllership teams, including Global Internal Controls Teams and IT ICFR owners.
- Keep up to date with changes in regulations, governance and best practices. Review and update testing procedures and templates to ensure any changes in regulations, governance, or best practices are reflected and incorporated into testing.
- Maintain professional certifications and related educational requirements as well as other duties assigned by the Internal Audit Manager.
Preferred Education & Experience
- Bachelor's Degree in management/computer information systems, computer sciences, or equivalent combination of education, training, and years of experience is required.
- Certifications in IT compliance standards (e.g., CISA, CISSP, CISM) is required.
- Other relevant professional certification such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA) or Certified Fraud Examiner (CFE) is a plus.
- Master’s degree or other relevant certification is a plus.
- Three years or more in related work experience: information technology internal/external audit, IT internal controls or process implementation or improvements within a large publicly-traded company, specifically US companies subject to SOx requirements is required.
- Theoretical and practical knowledge of major risk and control frameworks or IT frameworks (e.g., COSO 2013, COBIT, ISO, CMM, ITIL) is required.
- Strong understanding of IT infrastructure management (e.g. networks, data center operations, service desk, server management) and IT security standards and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies) is required.
- Knowledge and experience on testing design and operating effectiveness of IT general and application controls is required.
- Robust project management skills; experience working with multi-project management is required.
- Practical knowledge of ERP systems (i.e. SAP or comparable large ERP systems) and PC proficiency in MSOffice (Excel, Word, Visio, etc.) is required.
- Current or former Big 4 firm experience is a plus.
- Experience in industries analogous to Grainger’s is a plus.
- Experience with robust GRC tools (e.g., Archer, SAP GRC, Open Pages, Metricstream, Workiva) and CAAT tools (ACL, IDEA) a plus.
Required Skills and Abilities
- Excellent English verbal and written communication skills.
- Strong organization, planning and project management skills. Comfortable performing multifaceted projects in conjunction with day-to-day activities.
- Ability to interact and communicate well with employees across different business environments and external auditors. Ability to resolve conflict in a professional manner.
- Ability to translate compliance and IT technical requirements into relevant and understandable terms.
- Excellent understanding of internal controls.
- Strong business acumen & analytical skills with attention to detail.
- Ability to leverage business systems (SAP, BW, etc.) and tools (Excel, Word, Visio, etc.) to support business execution and measurement of results
- Ability to work under strict deadlines with minimal supervision.
- Agility and flexibility to a changing environment
- Drive an automobile, carry a laptop PC and other requisite equipment/supplies to remote audit assignments, on an “as needed” basis.
- Ability to travel (up to 20% of time) including some international assignments that may require being on site up to three weeks.
- Deliver value-added assessments and sound advice, good news and bad, in a relevant, concise and clear manner tuned to the audience and with a high level of credibility to be reviewed by executive management and board.
- Understand business strategy and related risks as well as the financial implication.
- Assimilate and synthesize complex data and information into a concise conclusion for decision-making.
- Act and commit to core values and ethical business conduct and has the backbone to stand up for what is right and necessary.
- Able to separate people from issues.
- Manage a large and diverse portfolio of business areas and rapidly assess situations with multiple outcomes and consequences.
- Work autonomously with a strong attention to detail.
- Exercise comprehensive and thorough risk assessment, project management, and communication protocol and skills.
- Peer relationships with Senior Auditors, Internal Controls Professionals and Business/Operations Professionals.
- Reports to Manager, Internal Audit and SOx.
- Informal supervisor to staff auditors
Grainger is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, disability, or protected veteran status.