IT Audit Manager; SOX, NIST CSF, CIS - Hybrid in Pomona, CA

Position: IT Audit Manager (SOX, NIST CSF, CIS) - Hybrid in Pomona, CA

Job Description

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a IT Audit Manager to join our team in Pomona, CA, US.

NTT DATA is seeking an IT Audit Manager with SOX audit experience to join our team supporting one of our prominent Real Estate / Commercial Clients, whose main headquarters is located in Pomona, California.

The ideal candidate for this position will have 5+ years of experience conducting Gap Assessments and Regulatory Compliance Assessments across organizational assets (On-prem and Cloud) related to SOX, NIST CSF, CIS and other relevant standards, identifying areas of improvement, and developing mitigation measures or additional controls.

The IT Audit Manager will lead an Internal Audit Program, as an individual contributor, responsible for development and maintenance of an annual SOX Audit program, coupled with responsibility for leading other internal audits as part of the program.

Audit Program Management

• Develop and maintain cross-organizational relationships;
  Establish strategic partnership with control owners, second line of defense, and privacy leaders
• Champion a culture of security for risk reduction and business enablement through proactive IT controls and audit training and the dissemination of policies and procedures
• Understand and implement procedures for company-wide adherence to SOX and other compliance programs ensuring compliance with all applicable policies, regulatory requirements, and standards
• Develop Annual Audit Plan and lead execution and maintenance of annual audit scope including but not limited to : SOX
• Collect and manage the evidence of adherence to regulatory requirements for internal and external inspection
• Establish meeting and reporting cadence to provide regular Audit Program Updates to stakeholders

SOX Compliance

• Lead and participate in IT-related Sarbanes-Oxley compliance efforts, including documentation, testing, and remediation activities
• Collaborate with cross-functional teams to identify key IT controls, document control narratives, and assess control effectiveness
• Coordinate and process regular IT control testing to validate compliance with SOX requirements
• Provide support as SOX subject matter expert (SME) to ensure SOX compliance meets regulatory requirements

IT General Controls

• Assess and evaluate IT General Controls (ITGCs) related to access management, change management, system development, and more
• Identify control gaps or weaknesses and work with IT teams to design and implement effective control measures
• Monitor ongoing ITGC compliance and assist in control testing and documentation updates

Audit Support

• Educate and assist staff in understanding information security controls and compliance activities and requirements associated with Audit scope
• Serve as a liaison between internal and external auditors and IT departments during audits
• Prepare and provide necessary documentation and evidence to auditors, ensuring accurate and timely responses to audit requests
• Facilitate walkthroughs and discussions related to IT processes and controls for audit purposes
• Assist staff in planning appropriate responses to identified control deficiencies

Audit Recommendation / Remediation

• Develop recommendations and support toward implementing the recommendations by collaborating and coordinating with the respective system owners
• Maintain understanding of dataflow / architecture to understand impacts and support control definition
• Provide guidance and / or recommendations to enable understanding of findings and remediation requirements
• Perform follow-up related to audit recommendations and remediation tasks / activities through completion

Risk Assessment

• Partner with IT Control Owners to resolve control failures identified through risk assessments, internal / external audits, or cyber security assessments
• Assist in evaluating the potential impact and likelihood of identified risks and prioritize mitigation efforts
• Maintain IT control and issue documentation within GRC tool

Process, Policy, and Procedure

• Assist in the development, implementation, and / or maintenance of IT compliance policies, procedures, and guidelines ensuring alignment with relevant security and regulatory requirements
• Work with process owners to identify and understand new business processes or changes to existing processes including process narratives, related flowcharts

Continuous Program Improvement

• Identify opportunities, provide recommendations, and participate toward enhancing IT Audit and Compliance processes and control effectiveness based on audit findings and industry trends

Must reside in the U.S. as this is a Hybrid position. Remote and partial onsite work (expected T, W, Th; standard 8am-5pm PST) at the client’s Pomona, California location.

Required Skills & Experience

• 5+ years of experience managing IT audit engagements, and to include:
  Ability to…