What are the responsibilities and job description for the SOX IT PMO Manager position at Intuit?
Intuit’s Finance team drives business growth and profitability through strategic, financial and operational leadership. Come join the Finance team as the SOX IT PMO Manager with the Internal Audit SOX IT team. Internal Audit supports the achievement of Intuit’s goals through trusted partnerships, objective risk identification, and innovative audit services.
Responsibilities
As a member of Intuit’s Internal Audit team, collaborate with colleagues and stakeholders to deliver operational, compliance and integrated audits with special emphasis on system implementations, readiness, cybersecurity and privacy. You are a driven manager who is looking to apply your auditing experience and technical expertise to deliver on the Internal Audit Plan.
As an individual contributor manager (managing 3rd party resources in a co-sourced model) you will manage, define, communicate, and fulfill project goals, manage risk, and break complex issues into manageable parts. You will have strong leadership, collaboration, communication and team-building skills coupled with a demonstrated drive to achieve goals. You will work with the Engineering, IT, Security and Privacy functions of this fast-paced, rapidly changing business, and directly with key stakeholders to drive results on SOX IT audits. You are excellent at communicating vertically and horizontally across the company and will be comfortable working cross-functionally and providing technical guidance to other teams within internal audit.
Core responsibilities include:
- Manage the overall SOX IT schedule, program and timeline including but not limited to internal and external stakeholders. Ensure completion of all planned activities on time and within budget.
- Drive continuous improvement with Engineering teams and leaders for SOX IT GCC and Automated controls.
- Provide oversight and project management of “special projects”, including planning, coordination and communication.
- Build and maintain a process to assess current resourcing and budgeting for actuals and projections for “Run the Business” and new initiatives.
- Provide technical support in the assessment, design and implementation of ITGC requirements in high-risk areas (Logical Access and Change Management).
- Review control evidence for adherence to accuracy, completeness and precision of control execution for all ITGC.
- Review test findings, facilitate the remediation of ITGC control gaps, and escalate critical issues to senior management within IT.
- Assist in the planning, scoping and execution of walkthroughs and testing primarily in areas associated with technology and technology-related risks including reviews of new and enhanced products and supporting systems, process changes and system implementations.
- Work cross-functionally with technology (engineering) organizations to provide knowledge sharing around ITGCC and IT Automated test controls expectations to meet information security and privacy requirements. Understand applicable laws and regulations to provide a point of view on audit requirements related to information security and privacy controls.
- Work with management and users to interpret the significance of audit findings, conclude on findings, make practical recommendations, and verify that remediation plans are implemented.
- Lead the documentation drafting process including framing of SOX observations within the relevant business context, formulation of practical recommendations that balance stakeholder needs, and development of useful insights for management.
- Manage and coordinate with the offshore SOX IT testing team to ensure timely handover of information, completeness and accuracy of data and clear and precise reporting/communication.
- Manage key stakeholder communication with CyberCraft (Security compliance teams) to ensure appropriate participation, planning, engagement and results for SOX IT with the appropriate detail and specifications.
- Manage and perform technology-driven SOX readiness projects with an end goal of having a complete and accurate IT GCC RACM and relevant IT Automated controls.
- Drive timely delivery of expected testing data from IT Risk and Compliance teams.
- Manage co-sourced vendor expectations and delivery from both the technical and program perspective to ensure alignment with adequate quality and internal audit expectations.
- Perform quality assurance for workpapers, and communicate across partners (internal and external) to ensure compliance.
- Demonstrate strong technical skills and understanding of key security, privacy, and agile engineering practices.
Qualifications:
- 7 years of progressive internal audit experience in Big 4 public accounting and/or in industry, including at least 3-5 years of supervisory responsibility
- Bachelor’s or Master’s degree in a relevant discipline (e.g. Computer Science) or equivalent work experience
- CISA, CISM and/or CISSP certifications preferred
- Demonstrated knowledge of technology risks, including direct experience evaluating the effectiveness of cybersecurity, privacy and engineering controls
- Working knowledge of information technology best practices and control frameworks such as NIST CSF and COBIT
- Demonstrated influencing skills including the ability to explain complex topics in simple terms and inspire transformational improvement in internal controls
- Excellent written & verbal communication and presentation skills