Senior IT and Security Auditor
Office, Richardson, Texas
Global Payments
Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.
Purpose
As a Fortune 500 payments technology company, Global Payment’s management recognizes the importance of managing and responding to risk. Internal Audit is an integral and valued component of Global Payments’ risk management environment. It works closely with management to deliver value-added and challenging audit projects in the areas of information technology, information security, business operations, finance & accounting, and compliance using progressive audit procedures. Our philosophy is to evaluate complex business processes utilizing a risk-based approach and to provide the greatest value to our internal clients. We strive to apply tailored and progressive audit procedures and to avoid standard check-the-box auditing. The department is consistently recognized for its contributions to organizational improvements due to its diverse, energetic, and collaborative approach when working with management.
This role will deliver a diverse array of information technology and information security audits that include in-depth analysis and understanding of supporting business processes. This position will have the opportunity to evaluate numerous technology platforms and apply process, technology, and security risk considerations. Specifically, the role will have the opportunity to evaluate technology risks and controls within major cloud technology provider environments (e.g., Amazon AWS, Google GCP, and Microsoft Azure) as the company continues cloud technology strategic initiatives. The candidate should have experience with a wide array of technology processes, such as infrastructure design and management, information security operations, service management, software development lifecycle, disaster recovery planning, etc. This position provides the opportunity for future career advancement as well as exposure to senior leadership and organizational divisions across the globe.
The Internal Audit team focuses heavily on risk-based audits that help management identify and reduce organizational risk. These projects vary each year and provide a high degree of challenge and diversity. The team also performs internal advisory projects and supports compliance audit responsibilities.
Familiarity with the payment processing industry and common technology control frameworks, including COBIT, NIST Cybersecurity, ISO 27000 series, PCI-DSS, and FFIEC IT Handbook is also preferred.
Essential Responsibilities
Support controls testing for risk-based audits and supports the project team with all aspects of the audit lifecycle, including risk assessment, planning, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members.
Willingness to learn and grow technical knowledge through team collaboration. Projects will include a strong focus on information technology and information security controls in executing integrated, risk-based audits to evaluate the design and effectiveness of internal controls. The auditor will also focus on the integration of IT and business process risk considerations within the audit process.
Familiarity and understanding of technology control application in on-premise environments vs. increased automation of controls within cloud service provider (CSP) environments.
Understanding of IT-managed processes, including technology architecture, system build, and provisioning, configuration management, performance monitoring, incident management, change management, user access management, disaster recovery, etc.
Evaluate key information security risks including confidentiality, integrity, and availability of technology components through a review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defense-in-depth strategies.
Evaluate root cause factors for audit testing exceptions and recommend practical solutions that reduce risk and strengthen business processes and controls.
Ensure audit testing work papers are documented in a consistent and high-quality manner while executing project tasks in adherence to established timelines.
Build and develop Internal Audit’s brand within the company through meaningful relationship building.
Enable continuous improvement of the Internal Audit department by identifying and communicating enhancement opportunities to department leadership.
Support the development of other team members within the Internal Audit department.
Knowledge, Skills, and Abilities
Audit and/or consulting experience in the following:
Information and data security for payment card data and publicly-identifiable information
Technology control applications within cloud environments and usage of automated, processes and cloud architectures such as CI/CD deployment pipelines, infrastructure-as-code, containerization, etc
Application security, including segregation of duties and least privileged access
Technology infrastructure security, including cloud computing, mainframe, UNIX/LINUX, Windows, SQL Server and Oracle database
Systems development, project management, and change management
On-prem and/or cloud IT infrastructure design, management, and operations, Business continuity and technology resiliency including high availability and disaster recovery architecture
Integration of business process controls with supporting technologies. Business process workflow documentation, including identification of key risks and the corresponding business and technology controls
Ability to work in a complex and evolving environment.
Demonstrate strong project management and execution skills, including: prioritizing tasks, balancing workload, anticipating next steps, and adapting to change.
Tailor project approaches based on areas of key risks. Critically evaluate audit procedures to maximize the value of each audit project.
Strong communication and presentation skills with an ability to tailor communications to different audiences.
Pursue work with enthusiasm, energy, drive, and team collaboration.
Establish and build effective relationships.
Collaborate with management and senior leadership to improve internal controls and processes.
Demonstrates ability to consider all team member’s input before decision-making.
Proactively communicate issues with colleagues and obtain agreement on audit findings and practical recommendations with control owners before presentation to management.
Required Qualifications
1+ years of relevant audit and/or risk management experience.
Knowledge of auditing principles and practices, and the analysis and reporting of audit information.
Bachelor’s degree in Auditing, Business Management, or Information Technology.
Merchant Acquiring / Payment Processing, Card Issuance, and Private-label Consumer Solutions industry experience preferred.
Familiarity with internal control frameworks, including COBIT, FFIEC, PCI DSS, Sarbanes-Oxley, ISO27001, and ITIL
Open to 10-15% travel requirement, including some potential international travel
Merchant Acquiring / Payment Processing, Card Issuance, and Private-label Consumer Solutions industry experience preferred.
CIA, CISA, CISM, CISSP, or other relevant certifications are preferred
Professional services audit or risk advisory experience preferred
Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact jobs@globalpay.com.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Audits Automation AWS Azure CIA CI/CD CISA CISM CISSP Cloud COBIT Compliance FFIEC Finance GCP Incident response ISO 27000 ISO 27001 ITIL IT infrastructure Linux Mainframe Monitoring NIST Oracle PCI DSS Pentesting Risk assessment Risk management SDLC SQL SQL Server UNIX Vulnerability management Windows
Perks/benefits: Career development
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.