This position is responsible for planning and managing the identification and testing of Information Technology (IT) controls to ensure a strong internal control environment and compliance with regulatory requirements and corporate policy. Routine communication to IT and business leadership of the status of the IT internal control environment is a critical component of this position.
2. ESSENTIAL RESPONSIBILITIES:
- Work with IT process owners to identify/improve and document detailed controls for key application, security and infrastructure components
- Manage the preparation, planning and execution of organization wide IT Sarbanes Oxley (SOX) control tests
- Partner with all levels of IT and business management to ensure that SOX testing is conducted in a cooperative, timely and efficient manner with value added reporting and cost effective recommendations being provided to management to strengthen controls
- Provide on-going organization wide guidance on IT control requirements and impact
- Routinely summarize and communicate control weaknesses identified during testing to affected IT and business management and control owners, and share any insight into operations or suggestions for corrective actions and improvements that will drive increased efficiency while mitigating business risks
- Review the adequacy of remediation plans in addressing risk and monitor remediation plan execution through the ‘deficiency closed’ phase
- Provide assistance to ViacomCBS internal and external auditors in completion of the quarterly reviews and annual audit
- Ensure IT SOX compliance with Corporate reporting submission standards and timelines
- Prepare reports on findings and recommendations for policy, procedure and internal control improvements
- Identify, on an ongoing basis, relevant industry trends, potential evolving risks facing IT initiatives and potential changes to IT internal controls over financial reporting, and assess their impact on the scope and strategy of the IT department
- Create, direct and/or perform the preparation and execution of security related IT control tests including IT segregation of duties reviews
- Provide or assist in preparing and conducting IT focused internal controls training
- Perform customary administrative tasks and responsibilities
- Other assignments or special projects as requested by management
3. DECISION MAKING/ACCOUNTABILITY
- Work is governed by Sarbanes Oxley. Within the regulatory framework, issues arise that are substantially complex and varied and regularly require the selection and application of technical and detailed guidelines. Independent judgment is required to identify, select, and apply the most appropriate methods as well as interpret precedent. The position regularly makes recommendations to management on areas of significance to the department and organization at large.
- This position is expected to operate very independently. Supervision received typically consists of feedback, coaching and advice
- This role typically has 1-2 direct reports. Supervisory requirements consist of monitoring test execution progress, reviewing results of test execution, reviewing adequacy of remediation plans in reducing risk and ensuring compliance with reporting deadlines and submission procedures.
4. KNOWLEDGE, SKILLS & EXPERIENCE:
- Six or more years of technology and audit experience (general technology controls, application, and security) within a public accounting, and/or internal audit function
- Five or more years of experience with internal controls evaluation, COSO, COBIT, ITIL, ITGCC, and SOX 404 requirements including all phases of planning, evaluation, documentation, testing and remediation.
- Demonstrated proficiency in technology auditing control disciplines, including thorough knowledge in two or more and general knowledge in relevant areas of technical specialization (security, application development, change management, or operations).
- Working knowledge of:
  - SAP HANA auditing
  - Oracle Database Administration, Security Administration and e-Business Suite (a plus) auditing
  - Windows Operating System and Active Directory Security including Users and Groups, Group Policy, Domain Structures, Security and Auditing
  - UNIX / Linux Operating System Security, including Users and Groups, System Configurations, File Permissions, Privileged Accounts, Password Controls, Security and Auditing
- Knowledge of segregation of duties principles and experience with SAP GRC and Oracle GRC tools.
- Ability to think analytically; communicate complex issues, and develop control recommendations
- Excellent written and verbal communication skills with the ability to present control analysis and recommendations with clarity and professionalism
- Ability to lead teams and motivate people
- Comfortable with meetings and leading discussions with senior staff
- Superior skills in planning, managing and controlling activities of a diverse team
- Customer focused and professional in work ethic and performance
- Demonstrated track record of integrity, effective communication, commitment to teamwork, innovation, and excellence
- A BA or BS Degree or equivalent in Information Systems, Accounting, Finance, Business, or related field
- Professional Certification is preferred (CISA, CISSP, SSCP, CPA, or equivalent)