IT Audit Manager (SOX, NIST CSF, CIS) - Hybrid in Pomona, CA

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a IT Audit Manager to join our team in Pomona, CA, US.

NTT DATA is seeking an IT Audit Manager with SOX audit experience to join our team supporting one of our prominent Real Estate/ Commercial Clients, whose main headquarters is located in Pomona, California.

The ideal candidate for this position will have 5+ years of experience conducting Gap Assessments and Regulatory Compliance Assessments across organizational assets (On-prem and Cloud) related to SOX, NIST CSF, CIS and other relevant standards, identifying areas of improvement, and developing mitigation measures or additional controls.

The IT Audit Manager will lead an Internal Audit Program, as an individual contributor, responsible for development and maintenance of an annual SOX Audit program, coupled with responsibility for leading other internal audits as part of the program.

Listed below are more Important Role Responsibilities:

Audit Program Management:

• Develop and maintain cross-organizational relationships; Establish strategic partnership with control owners, second line of defense, and privacy leaders
• Champion a culture of security for risk reduction and business enablement through proactive IT controls and audit training and the dissemination of policies and procedures
• Understand and implement procedures for company-wide adherence to SOX and other compliance programs ensuring compliance with all applicable policies, regulatory requirements, and standards
• Develop Annual Audit Plan and lead execution and maintenance of annual audit scope including but not limited to: SOX
• Collect and manage the evidence of adherence to regulatory requirements for internal and external inspection
• Establish meeting and reporting cadence to provide regular Audit Program Updates to stakeholders

SOX Compliance:

• Lead and participate in IT-related Sarbanes-Oxley compliance efforts, including documentation, testing, and remediation activities
• Collaborate with cross-functional teams to identify key IT controls, document control narratives, and assess control effectiveness
• Coordinate and process regular IT control testing to validate compliance with SOX requirements
• Provide support as SOX subject matter expert (SME) to ensure SOX compliance meets regulatory requirements

IT General Controls:

• Assess and evaluate IT General Controls (ITGCs) related to access management, change management, system development, and more
• Identify control gaps or weaknesses and work with IT teams to design and implement effective control measures
• Monitor ongoing ITGC compliance and assist in control testing and documentation updates

Audit Support:

• Educate and assist staff in understanding information security controls and compliance activities and requirements associated with Audit scope
• Serve as a liaison between internal and external auditors and IT departments during audits
• Prepare and provide necessary documentation and evidence to auditors, ensuring accurate and timely responses to audit requests
• Facilitate walkthroughs and discussions related to IT processes and controls for audit purposes
• Assist staff in planning appropriate responses to identified control deficiencies

Audit Recommendation/Remediation:

• Develop recommendations and support toward implementing the recommendations by collaborating and coordinating with the respective system owners
• Maintain understanding of dataflow/architecture to understand impacts and support control definition
• Provide guidance and/or recommendations to enable understanding of findings and remediation requirements
• Perform follow-up related to audit recommendations and remediation tasks/activities through completion

Risk Assessment:

• Partner with IT Control Owners to resolve control failures identified through risk assessments, internal/external audits, or cyber security assessments
• Assist in evaluating the potential impact and likelihood of identified risks and prioritize mitigation efforts
• Maintain IT control and issue documentation within GRC tool

Process, Policy, and Procedure:

• Assist in the development, implementation, and/or maintenance of IT compliance policies, procedures, and guidelines ensuring alignment with relevant security and regulatory requirements
• Work with process owners to identify and understand new business processes or changes to existing processes including process narratives, related flowcharts

Continuous Program Improvement:

• Identify opportunities, provide recommendations, and participate toward enhancing IT Audit and Compliance processes and control effectiveness based on audit findings and industry trends

**Must reside in the U.S. as this is a Hybrid position. Remote and partial onsite work (expected T, W, Th; standard 8am-5pm PST) at the client’s Pomona, California location.

Required Skills & Experience:

• 5+ years of experience managing IT audit engagements, and to include:
  • Ability to drive IT teams and escalate where necessary to ensure timely delivery of audit and compliance services
  • Ability to manage competing priorities and comfortable to work through ambiguity
• 5+ years of experience conducting Gap Assessments and Regulatory Compliance Assessments
• Application experience of SOX, ITIL, NIST 800-53, NIST CSF, NIST RMF, ISO27001, CIS Controls, IT General Controls, and/or other relevant regulatory frameworks is a must
• Experience with application of audit methodologies, risk assessment, and control evaluations to include documenting processes, control narratives, and audit findings

Desired Skills / Certifications:

• Attention to detail and ability to work independently and collaboratively
• Excellent oral and written communication skills
• Strong interpersonal, analytical, and problem-solving skills
• Preferred Cloud experience with SOX
• One or more professional certifications: CISA, CISM, CRISC, ISO Lead Auditor, or equivalent
• Familiarity with project management practices and techniques
• Experience working in a matrixed cross-functional environment within a service organization
• Bachelor’s degree: Information Technology, Computer Science, Engineering, or related field

Where required by law, NTT DATA provides a reasonable range of compensation for specific roles. The starting pay range for this role is $129k - $160k. Actual compensation will depend on a number of factors, including the candidate’s relevant experience, technical skills, and other qualifications. This position may also be eligible for incentive compensation based on individual and/or company performance. This position is eligible for company benefits including medical, dental, and vision insurance with an employer contribution, flexible spending or health savings account, life and AD&D insurance, short and long term disability coverage, paid time off, employee assistance, participation in a 401k program with company match, and additional voluntary or legally-required benefits.

About NTT DATA

NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us at us.nttdata.com.

NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.