Director, Product and Technology, IT Audit at Paylocity
As the Director in Product & Technology over IT Audit, you will be accountable for ensuring the timely execution of IT audits and IT controls testing in accordance with Paylocity’s audit methodology. In this role you will be accountable for the audit coverage of the following functions: Product & Technology, Cyber and Information Security, Business Continuity, and all IT general controls that support financial reporting (SOX, SOC). We are looking for an IT Audit leader who is curious, a builder, a critical thinker, who can collaborate effectively to drive IT audit engagements and strategic projects from inception to execution, reporting and closure.
Are you the leader we are looking for?
Who you are:
- You anticipate questions, independently assess risk, and think critically and creatively
- Strong curiosity and bias for pro-active planning, action, ownership, learning, and continuous improvement
- Both a doer and a leader that can operate at a granular level
- A superior communicator with an affinity for change and transformation
- Highly emotionally intelligent, possessing the ability to adjust style to meet the needs of the audience
- At ease working at all levels of the organization and comfortable providing feedback to an array of stakeholders
During the first six months, you will:
- Assess IT audit findings / gaps including control and process weaknesses. Assist partners with the development of management action plans.
- Measure the effectiveness of our IT Audit and Control framework identifying and implementing improvements
- Perform self-testing of our controls to help ensure timely identification and resolution of possible breakdowns
- Build and lead the Technology compliance program and Technology internal audits
- Conduct assessments of all technology and Information Security controls providing expertise and advice to enhance their design, effectiveness, and maturity
- Work with executive stakeholders to regularly report on the effectiveness of our internal controls structure
- Work with Technology control owners to ensure control documentation is updated, tested, and any remediation is completed.
- Experience in Public Accounting (i.e. Big 4 Accounting firms) and company experience in IT audit, SOX program management, ideally in a SaaS environment
- One or more current qualifications – CISA, CRISC, CISSP, or CPA
- Experience in crafting and evaluating internal controls associated with cloud-based systems (e.g. Workday, AWS, Salesforce) and ability to understand and navigate sophisticated home-grown systems
- Expert-level knowledge of IT policies, laws, standards and frameworks applicable to the specific technical role e.g. COSO, ISO27001, ISO27017, ISO27018, ISO27701 and other related frameworks
- Expertise of IT risk, security architecture design, network security, cloud/mobile security, data security and internal/external threat intelligence/analysis
- Experience with all aspects of regulatory, industry and contractual compliance, especially Privacy (e.g. GDPR and CCPA), Security, and Health Information Portability and Accountability Act (HIPAA) requirements as they relate to IT a plus
- Bachelor’s degree