Sr. IT Auditor - Boise, Idaho

Overview

American Credit Acceptance (ACA) has an exciting opportunity for a Sr. IT Auditor to join our dynamic Internal Audit team. The candidate shall perform and execute the annual internal audit plan of IT, operational, field, compliance, regulatory and investigative audits to ensure the reliability and integrity of information, compliance with policies and regulations, the safeguarding of assets, the economical and efficient use of resources and established operational objectives of American Credit Acceptance.   This responsibility includes helping to develop IT audit scopes, performing IT audit procedures, and preparing internal audit reports reflecting the results of the work performed. The candidate will be involved with all facets of Information Technology and Information Security and must be able to clearly articulate technical related risks to technical and non-technical members of executive management.

This is an on-site role in Spartanburg, SC. 

Essential Functions

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Primary function will be to perform risk based/security audits in areas including, but not limited to, applications (internal & external facing), databases, operating systems, network, sensitive data, patch management, change management, BCP/DR, third party, cloud, etc.
• Performs regulatory or compliance audits as required.
• Interact with external audit firms and provide guidance and support for audit engagements.
• Effectively analyzes and assesses risk to develop audit procedures, execute test procedures, and conclude on the operating effectiveness of relevant controls through the development of formal reports.
• Leverages appropriate resources for planning the audit engagement, and effectively leads interviews/meetings to ensure relevant information is obtained for analysis.
• Performs an appropriate level of testing based on the scope and risk, without over- or under-auditing.
• Produces work paper documentation that is clear and concise, provides adequate detail of work performed and conclusions reached, meets department and professional standards, and is sufficient to receive a satisfactory rating from reviewers.
• Communicates obstacles or problems as they are encountered throughout the audit.
• Plans and conducts audits of the organization's information systems and related processes to identify risks impacting integrity, reliability, efficiency, and security of applications, platforms, or procedures.
• Identifies control issues and findings timely, and ensures findings are based on relevant facts and are accurately characterized (based on risk). 
• Clearly communicates control findings to Internal Audit Management as they are identified.
• Maintaining appropriate industry associations to keep up to date with emerging technologies/IT risks and identify/leverage audit best practices. Working with ACA’s external auditors to coordinate IT coverage across areas of responsibility and ensure that audit work is comprehensive and sufficient to allow the external auditors to rely on the work. 
• Challenges the ‘status-quo’ and brings original ideas to the team.
• Fosters a team environment, is inclusive and works well with others.
• Other tasks as assigned

Qualifications

• Bachelor’s degree in related field required (e.g., Computer Science, Management Information Systems, Accounting)
• CISA, CISSP, CISM, or plans to pursue other relevant certification preferred.
• 2 - 4 years of relevant experience preferred.  
• Business risk awareness and appropriate judgment to use a risk-based approach while executing the audits.  
• High level of tact and ability to communicate complex and potentially sensitive issues to various levels of management – both within ACA’s IT functions and outside to key non-technical business personnel. 
• Can conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities.
• Must possess excellent communications skills (written and oral).
• Excellent presentation, relationship building and interaction skills. 
• Must possess strong computer skills (MS Word, Excel, Access, and Power Point).
• Must be able to think analytically, independently and objectively.
• Ability to work with all levels of staff and management (including C-level executives).   
• Must have working knowledge of tools & technical processes including: identity & access management, database management; software development and quality assurance methodologies, change management, vulnerability management, penetration testing, data loss prevention, batch processing, business continuity/disaster recovery planning; enterprise architecture, telecommunications, data center operations, etc. 
• Must have working knowledge of Application Software (internal & external facing), Storage Systems (SAN, NAS, and Data Warehouse), Databases (SQL), OS (Windows/Linux), Client-Server Systems, OSI, TCP/IP, LAN/WAN, Wireless Networks, Cloud Computing Systems, Microsoft Azure, Amazon Web Services (AWS), Active Directory, Microsoft Office 365, Virtualization, etc.
• Understanding of IT control frameworks (COBIT, ISO 27002, NIST, ITIL, etc.) is a plus.
• Knowledge of SOX 302/404, SSAE 16/SOC1/2/3, PCI and/or GLBA is a plus.

Supervisory Responsibility

This position may have limited supervisory responsibilities.

Work Environment and Physical Demands

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Position Type/Expected Hours of Work

This is a full-time position with a work schedule of Monday-Friday with some schedule variations as needed.

Travel

Up to 10% travel could be expected for this position.

EEO Statement 

ACA provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws.  ACA complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. 

California Privacy Notice

"As an employer of California residents, we are dedicated to protecting your privacy rights. Any personal information you provide during the application process will be used solely for permitted internal purposes and will be handled in accordance with applicable privacy laws. By applying to this position, you consent to the collection, use, and disclosure of your personal information as described in our Employee Privacy Notice."

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

You are not officially considered an applicant unless you have completed an employment application in ACA's online applicant tracking system, iCIMS.

#LI-MR1