Senior IT Auditor

Join to apply for the Senior IT Auditor role at iHerb, LLC

This is a remote role with benefits including company-paid medical premiums, bonuses, long-term equity in the form of RSUs, and more. For details, visit www.iHerbBenefits.com.

The Senior IT Auditor will develop strong relationships across all levels of the organization to ensure compliance and industry standards. Reporting to the Sr. Manager, IT Internal Audit, this role involves planning, supervising, and executing audits, SOX ITGC compliance, risk assessments, and consulting to mitigate risks, improve controls, and support continuous improvement.

• Achieve and maintain compliance with statutory and regulatory obligations through audits and controls assessments across financial reporting, information security, ERP systems, data protection, and PCI standards.
• Lead complex IT audits based on COBIT methodology covering system development, security, change management, networks, operations, and disaster recovery.
• Evaluate control design and effectiveness, monitor issues, develop remediation plans, and prepare compliance summaries.
• Collaborate with compliance and IT management throughout the compliance cycle.
• Assess security controls for on-premise and cloud technologies.
• Apply internal control standards (Sarbanes-Oxley, COSO, COBIT) and control testing strategies.
• Review and evaluate SOC reports and IT general controls related to system development, change management, and access controls.
• Conduct hands-on security assessments across domains including security management, architecture, access control, and business continuity.
• Develop audit work plans, draft reports, communicate findings, and drive remediation efforts.
• Build collaborative relationships and uphold high ethical standards.
• Coordinate work with external co-sourced resources.

• Experience with public company clients and driving SOX programs, ideally from a Big 4 background.
• Proven track record in planning and executing IT internal audits.
• Expertise in internal controls, SOX compliance, and enterprise risk management.
• Strong understanding of business processes and system applications.
• Excellent leadership, communication, and project management skills.
• Ability to proactively solve problems and improve processes.
• Experience with IT General Controls, IT Application Controls, and risk evaluation based on COSO and COBIT principles.
• Knowledge of IT security fundamentals, including security management, architecture, access control, and disaster recovery.
• Experience with SAP, cloud compliance, and PCI audits, with at least two years in IT audit/technical roles.

• Auditing SAP and designing procedures for custom IT systems.
• Proficiency with Microsoft Office and Google Workspace.

• Minimum three years of public accounting or industry experience.
• Bachelor’s in Information Systems or related field preferred.
• CPA, CISA, CIA, or CISM certification, especially from a Big 4 firm, is highly preferred.