Senior IT Auditor

Summary: Internal Audit is an independent, objective, assurance and consulting function that strengthens risk management, control, and governance at World through a systematic, disciplined approach. The team also evaluates Sarbanes-Oxley (SOX) internal controls over financial reporting, including the Information Technology General Controls (ITGCs) to support integrity, security, and reliability of financial systems and business operations. The Senior IT Internal Auditor plays a key role in this mission by assessing IT security, financial reporting controls, technology-specific compliance, and adherence to consumer lending laws and internal policies. This role includes conducting assurance and advisory engagements, analyzing IT risks, summarizing findings, and contributing to reports for the Risk Committee, Audit Committee, and Board of Directors. As the subject matter expert in ITGCs, data analytics, and process improvement, the Senior IT Internal Auditor provides critical insights that enhance operational efficiency and compliance. This role offers cross-functional collaboration, exposure to senior leadership, and engagement with external auditors, positioning the auditor for future career growth and expanded responsibilities. Internal Audit operates independently, reporting administratively to the General Counsel & Chief Compliance Officer in Greenville, SC and functionally to the Audit Committee.

Essential Duties and Responsibilities:

• Lead and perform IT and security audits, including the assessment of IT General Controls (ITGCs) and IT risks impacting internal control over financial reporting (ICFR) under Section 404 of the Sarbanes-Oxley Act (“SOX”).
• Conduct in-depth process walkthroughs with control owners to assess SOX-related business processes, internal control frameworks, and governance structures.
• Design and implement data-driven audit testing methodologies, ensuring key financial and IT controls are suitably evaluated, data integrity is maintained, and results are reliable, actionable, and well documented.
• Identify, assess, and report control deficiencies, provide data-backed insights, and collaborate with stakeholders to encourage risk-mitigating solutions.
• Serve as a key liaison between External Audit, Internal Audit, IT, Security, and Business Units, fostering a cross-functional collaboration to successfully assess SOX-specific control effectiveness and compliance.
• Function as an extension of the Internal Audit Manager, leading subordinates through testing assignments, providing coaching and feedback, as well as maintaining SOX-related assessment updates to Internal Audit leadership on a continuous basis.
• Perform the first-level review and sign-off on IT Internal Audit testing workpapers, validating accuracy, completeness, and compliance with audit requirements.
• Prepare high-quality audit reports and executive-level briefings, summarizing key findings, risk implications, and strategic recommendations for senior management, the Risk Committee, the Audit Committee, and the Board of Directors.
• Facilitate external auditor ITGC SOX-related engagements, ensuring efficient coordination of agreed-upon procedures and seamless collaboration between internal and external audit teams.
• Drive ITGC remediation efforts, tracking progress on corrective actions, ensuring timely resolution of audit findings, and encouraging management to strengthen the company’s control environment.
• Provide subject matter expertise in IT audit, cybersecurity risks, and SOX compliance, continuously refining IT audit practices to address industry best practices, cybersecurity threats, regulatory changes, and advancements in IT governance.
• Lead specific Internal Audit projects working alongside IT, Security, and Data Analytics teams to enhance audit methodologies, risk-based audit approaches, and control testing automation (e.g., CAATs, branch audit reporting, maintenance of databases, etc.)

Qualifications:

The following qualifications represent the knowledge, skill, and abilities required for this role:

Core Competencies:

• Expertise in IT Audit & Security: Strong understanding of information technology risks, cybersecurity frameworks, and IT General Controls (ITGCs) as they relate to financial reporting, regulatory compliance, and risk management.

• SOX 404 & Internal Audit Knowledge: In-depth experience with Sarbanes-Oxley (SOX) compliance, control testing methodologies, and internal audit best practices.
• Advanced Analytical & Problem-Solving Skills: Ability to assess complex IT and financial risks, interpret audit findings, and develop actionable recommendations.
• Superior Communication & Reporting: Skilled in writing clear, concise audit reports and presenting technical findings to senior leadership, external auditors, and cross-functional teams.
• Integrity & Confidentiality: Demonstrated integrity, objectivity, confidentiality, and professional competency, to lead engagements upholding professionalism, discretion, and adherence to the Institute of Internal Audit (IIA) ethical audit standards.
• Interpersonal & Relationship-Building Skills: Proven ability to collaborate effectively across all levels of the organization, from technical teams to executive leadership.
• Project & Time Management: Strong ability to manage multiple audit priorities and meet critical deadlines without compromising quality.
• Flexibility and willingness to work extended hours to meet critical deadlines.

Technical Skills: 

• Experience with enterprise GRC platforms (e.g., Workiva (Wdesk), RSA Archer, AuditBoard, or similar)
• Strong proficiency in Microsoft Office Suite (Excel, Access, Word, Adobe, Outlook, PowerPoint)
• Highly desirable: Familiarity with data analytics such as SQL, ACL, Power BI, Python, or other data-driven tools.

Education and/or Experience:

• Bachelor’s degree. (Information Technology, Cybersecurity, Computer Science, or a related field preferred)
• 3-6 years of professional experience in external or internal auditing, with a focus on IT controls, cybersecurity, risk management, or regulatory compliance.
• Big 4 or SOX 404 experience in a corporate or public accounting firm preferred but not required.
• Experience with IT frameworks such as NIST, COBIT, or ISO 27001 preferred but not required.
• Certifications such as CISA, CIA, CPA, CISSP, or CRISC (or a strong desire to obtain one).

Physical Demands:

• Must be able to constantly remain in a stationary position.
• The person in this position occasionally needs to move about inside the office to access file cabinets, office machinery, etc.
• Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine, and computer printer.
• Occasionally it may require light lifting to 25 pounds.

Work Environment:

• Office environment.
• Occasional travel may be required.

This job description reflects management’s assignment of essential functions; and nothing in this herein restricts management’s right to assign or reassign duties and responsibilities to this job at any time.

It is the policy of World Acceptance Corporation to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, World Acceptance Corporation will provide reasonable accommodations for qualified individuals with disabilities.