Technology Audit Manager

Job Overview

Intuit’s Finance team drives business growth and profitability through strategic, financial and operational leadership. Come join the Finance team as a Technology Audit manager with the Internal Audit team. Internal Audit supports the achievement of Intuit’s goals through trusted partnerships, objective risk identification, and innovative audit services.

Responsibilities

As a member of Intuit’s Internal Audit team, collaborate with colleagues and stakeholders to deliver operational, compliance and integrated audits with special emphasis on system implementations, cybersecurity and privacy.

As an individual contributor you will primarily focus on ISO 27001 the internal audit certification process. In this role you will oversee the planning, execution, and reporting of internal audits to ensure an organization's Information Security Management System (ISMS) is compliant with the ISO 27001 standard. You would also be responsible for assessing risks, identifying weaknesses, and recommending improvements to the ISMS.

Additionally,  You will work with the Engineering, IT, Security, Privacy and other functions of this fast-paced, rapidly changing business, and collaborate directly with key stakeholders to drive assurance and advisory audits. You are excellent at communicating vertically and horizontally across the company and will be comfortable working cross-functionally and providing technical guidance to other teams within Internal Audit.

Core responsibilities include:

• Planning and Execution of Audit, including the development and implementation of internal audit plans. This includes defining the scope, frequency, and methods of audits, considering the importance of processes and previous audit results.
• Lead and guide audit teams. Oversee internal and external (co-sourced) resources to ensure the audit plan is being followed effectively and efficiently, timely and within budget. This involves directing the audit process, ensuring objectivity, and impartiality while maintaining a collaborative engagement model with security and compliance teams across Intuit. .
• Conduct audits in accordance with standards and frameworks to assess controls and their effectiveness. This includes gathering information, reviewing documentation, assessing compliance, and identifying potential non-conformities.
• Prepare and distribute audit reports. Verify compliance with ISO 27001 and other auditing standards (as needed) to prepare reports for internal stakeholders and external regulators. This involves documenting audit findings, observations, and recommendations for improvement. All observations and recommendations have to be socialized across the organization and corresponding management action plans, timelines and resourcing commitments will need to be in place prior to report finalization. Work with cross-functional teams, including IT, security, and other relevant departments, to ensure alignment and effective implementation of ISMS improvements. This includes communicating both verbally and in writing across all levels of the organization prior to report finalization.
• Continuous program improvement. Identify trends, patterns, and potential issues, and use this information to inform future audit plans and ISMS improvements in collaboration with the technical compliance team and other engineering partners. Assist the organization in understanding audit findings and developing corrective actions to address non-conformities and improve the ISMS.
• Other Key Responsibilities. Stay updated on key technology skills, industry best practices and regulations. Keep abreast of changes to the ISO 27001 standard and other relevant regulations. Lead and mentor a team of auditors: Provide guidance, training, and support to audit team members. Develop and maintain audit procedures and documentation: Ensure that audit processes are documented and followed consistently.

Qualifications

• 8+ years of progressive internal audit experience in either Big 4, and/or in SaaS/Fintech industry
• Bachelor’s or Master’s degree in a relevant discipline (e.g. Computer Science) or equivalent experience
• Third party vendor experience, including managing large technology compliance programs in a co-sourced model
• Strong knowledge and hands on experience in auditing platforms that are developed in the AWS cloud environment, utilizing microservices based modern techstack.
• Strong influencing capabilities, including the ability to simplify complex subjects and excellent written, verbal communication, and presentation abilities.
• Experience conducting audits within a complex operational and regulatory environment.
• Extensive program management background, skilled in managing large-scale, company-wide audit initiatives.
• Demonstrated knowledge of technology risks, including direct experience evaluating the effectiveness of cybersecurity, privacy and engineering controls.
• Strong working knowledge of information technology best practices and control frameworks such as ISO 27001, NIST CSF and ISO 42001
• AWS practitioner/associate, CISA or CISSP certifications preferred