IT Audit Principal

What you'll be doing

• Lead the evaluation and ongoing monitoring of ITGCs to ensure adequate design, operating effectiveness, efficiency, and compliance with SOX requirements and regulatory expectations.

• Assess cybersecurity controls that intersect with ITGC domains, including identity and access management, privileged access, logging/monitoring, vulnerability management, and incident response.

• Drive evaluation of broader cybersecurity programs (e.g., NIST, ISO 27001) as dictated by our audit plan and underlying business objectives.

• Provide thought leadership and partnered advisory in the planning, scoping, and execution of IT SOX testing activities, including risk assessments and control rationalization.

• Evaluate System Development Life Cycle (SDLC) controls to ensure secure system implementation practices, including secure coding, change management, and vulnerability remediation.

• Partner with cybersecurity teams to assess risks related to cloud environments, infrastructure, and applications, ensuring appropriate controls are designed and operating effectively.

• Act as a liaison to external auditors for ITGC and cybersecurity-related audits, ensuring alignment and timely communication of findings.

• Lead root cause analysis and provide recommendations for control deficiencies, including those related to cybersecurity incidents and/or control gaps.

• Provide independent and objective advisory to IT and business stakeholders on control design, risk mitigation, and cybersecurity best practices.

• Develop, review, and maintain IT control documentation, including process flows, narratives, and control matrices, ensuring alignment with both SOX and cybersecurity requirements.

• Oversee and enhance the quarterly SOX certification process, incorporating cybersecurity risk considerations where applicable.

• Monitor emerging cybersecurity threats, regulatory changes, and industry trends, and assess their impact on the organization’s control environment.

• Enable continuous improvement initiatives across IT Audit and cybersecurity programs, including automation and deployment of new technologies.

• Support executive leadership with special project advisory that inform strategic initiatives, risk assessments, and special transformational projects as needed.

• Build and leverage AI solutions and workflows to enable capacity or unlock capability for an Internal Audit function.

What you'll likely bring

• 8+ years of progressive experience in IT audit, IT compliance, SOX, and/or cybersecurity risk management (public accounting and/or industry). Big 4 is a plus.

• Specialized experience in the Software industry.

• Bachelor’s degree in Information Systems, Cybersecurity, Accounting, Finance, or related field.

• Relevant certifications such as CISA, CISSP, CISM, CRISC, CIA, or CPA (or equivalent).

What can set you apart

• Deep experience auditing or supporting systems such as Kinetic, SalesForce, Workday, Microsoft Azure (Entra ID), Active Directory, and different types of cloud environments (IaaS, PaaS, and SaaS).

• Strong knowledge of ITGC domains (Access Management, Change Management, Interfaces, Backups, Disaster Recovery), SDLC, and their intersection with cybersecurity controls.

• Deep experience performing cybersecurity audits.

• Strong understanding of SOX requirements (e.g. 302, 404), principles-based internal control-integrated framework (COSO), IT Frameworks (e.g., COBIT) and cybersecurity control frameworks (e.g., NIST CSF, ISO 27001, CIS Critical Security Controls).

• Understanding of data protection, privacy regulations, and secure architecture principles.

• Experience leveraging automation and tools such as Workiva Wdesk, GRC platforms, and AI tools (ChatGPT, Copilot, Claude, etc.).

• Strong analytical, problem-solving, and risk assessment skills.

• Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organization.

• Ability to manage multiple priorities, execute complex tasks, and operate both strategically and tactically.

#LI-CM1

#HYBRID

Whatever your career journey, we’ll help you find the right path. Through our training courses, mentorship, and continuous support, you’ll get everything you need to thrive. At Epicor, your success is our success. And that success really matters, because we’re the essential partners for the world’s most essential businesses—the hardworking companies who make, move, and sell the things the world needs.

Recruiter: