Director IT Audit; Mobility

About the Role:

Grade Level (for internal use): 13

Director IT Audit

The Director, IT Audit is a technically sophisticated and strategically minded internal audit leader who owns our IT and technology audit program. Reporting to the Chief Audit Executive, this individual serves as the company's audit liaison to the CIO and CISO - providing independent assurance over the technology controls, cybersecurity and privacy posture, and IT governance frameworks that underpin the business.

This role requires both deep technical fluency and strong leadership presence, the ability to assess complex technological environments with rigor and communicate findings in ways that resonate with both technical and non-technical executive audiences. The ideal candidate brings a Big 4 or public accounting foundation, proven experience leading IT audit programs in dynamic SOX and non-SOX environments, and the credibility to serve as a trusted advisor at the highest levels of the organization.

• Design, own, and execute a comprehensive IT audit strategy and annual audit plan - built on a robust IT risk assessment process that reflects the company's technology landscape, cybersecurity and privacy risks, and strategic priorities.
• Lead IT general controls and IT application testing in support of SOX compliance, ensuring technology controls are appropriately designed, operating effectively, and aligned with external auditor requirements.
• Lead non-SOX IT and operational technology audits covering areas including cybersecurity, privacy, cloud infrastructure, data governance, third-party/vendor risk, IT change management, access management, business continuity, etc.
• Serve as the primary internal audit liaison for the CIO and CISO - providing regular updates on the IT audit plan, findings, and emerging technology risks, and functioning as a credible, independent thought partner on IT risk matters.
• Communicate IT audit results to executive leadership and the Audit Committee - translating highly technical findings into clear business risk language that drives informed decision-making.
• Partner with external auditors on SOX IT audit coordination, reliance strategies, and control testing to maximize efficiency and minimize duplication.
• Monitor remediation of IT audit findings, ensuring management addresses issues with sustainable solutions - not just temporary fixes.
• Stay ahead of the evolving technology risk landscape including AI governance, cloud security, ransomware, third-party risk, and regulatory developments affecting IT controls.
• Build and lead a high-performing global IT audit team, developing technical skills, audit methodology, and the ability to communicate complex findings to diverse audiences.
• Lead the development of AI-driven and automated audit processes to improve audit quality, efficiency, and scalability.

• Bachelor's degree in Information Systems, Computer Science, Accounting, or a related field required; advanced degree a plus.
• 10+ years of IT audit experience with at least 4 years in an IT audit leadership role.
• Big 4 public accounting background or equivalent public accounting experience strongly preferred.
• At least one active audit-related professional certification required: CISA, CISSP, CPA, CIA, etc.
  
  - CISA or CISSP strongly preferred for this role.
• Deep expertise in IT general controls, IT application controls, SOX ITGC compliance, and IT risk-based audit methodologies.
• Strong technical knowledge across key IT domains including cybersecurity, cloud platforms, access management, data governance, and IT infrastructure.
• Proven experience partnering directly with CIO and CISO-level stakeholders - able to engage credibly on technical matters while maintaining audit independence.
• Demonstrated ability to translate complex technical audit findings into clear, business-relevant narratives for executive and Board audiences.
• Experience leading non-SOX technology audits including cybersecurity assessments, vendor/third-party risk reviews, and cloud control evaluations.

• The IT audit program is risk-driven, well-respected, and viewed by business leaders as a value-adding function. The IT audit program is proactive, risk-driven, and consistently aware of the technology threats that matter most to the business.
• SOX ITGC audits are executed with precision and external auditors rely on IT audit work - reducing duplication and increasing efficiency.
• IT audit findings are written in language that business leaders can act on, not just language that auditors understand.
• The IT audit team is technically sharp, professionally credentialed, and recognized as a best-in-class function across the organization.
• The IT audit team is high-performing, engaged, and proud of the work they do.

Job : 328146

Posted On:

Location: Virtual, Virginia, United States

Equal Opportunity Employer

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to…