Summary:This new position provides an opportunity for a motivated technology and information security audit professional to make a strong contribution to Global Payment's growing Audit Services Group team.
As a leading payments processor, Global Payment's management recognizes the importance of managing and responding to risk.Audit Services Group is an integral and valued component to Global Payment's risk management environment and works closely with management to deliver value-added and challenging audit projects in the area of information technology, information security, business operations, finance & accounting, and compliance using progressive audit procedures. Our philosophy is to evaluate complex business processes utilizing a risk-based approach, and to provide the greatest value to our internal clients. We strive to apply tailored and progressive audit procedures and to avoid standard check the box auditing. The department is consistently recognized for its contributions to organizational improvements due to its diverse, energetic, and collaborative approach when
working with management.
This role will deliver a diverse array of information technology and information security audits that include in-depth analysis and understanding of supporting business processes. This position will have the opportunity to evaluate numerous technology platforms and apply process, technology, and security risk considerations. The candidate should have experience with a wide array of technology processes, such as infrastructure design and management, information security operations, service management, software development lifecycle, disaster recovery planning, etc. This position provides the opportunity for future career advancement as well as exposure to senior leadership and organizational divisions across the globe.
The Audit Services Group team focuses heavily on risk-based audits that help management identify and reduce organizational risk.These projects vary each year and provide a high degree of challenge and diversity. The team also performs internal advisory
projects and supports compliance audit responsibilities.
• Conduct risk-based audits including all aspects of the audit lifecycle, including risk assessment, planning, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members.
• Strong focus on information technology and information security controls in executing integrated, risk-based audits to evaluate the design and effectiveness of internal controls. Auditor will also focus on the integration of IT and business process risk considerations within the audit process.
• Detailed understanding of IT managed processes, including technology architecture, system build, provisioning, configuration management, performance monitoring, incident management, change management, user access management, disaster recovery, etc.
• Evaluate key information security risks including confidentiality, integrity, and availability of technology components through review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defense in depth strategies.
• Evaluate root cause factors for audit testing exceptions and recommend practical solutions that reduce risk and strengthen business process and controls.
• Ensure audit testing work papers are documented in a consistent and high quality manner while executing project tasks in adherence to established timelines.
• Build and develop Audit Services Group's brand within the company through meaningful relationship building.
• Enable continuous improvement of the Audit Services Group department by identifying and communicating enhancement opportunities to department leadership.
• Support the development of other team members within the Audit Services Group department.
Knowledge, Skills, and Abilities:
• Audit and/or consulting experience in most of these areas:
o Information and data security for payment card data and publicly-identifiable information o Application security, including segregation of duties and least privileged access o Technology infrastructure security, including mainframe, UNIX/LINUX, Windows, SQL Server, and Oracle
o Integration of business process controls with supporting technologies. Business process workflow
documentation, including identification of key risks and the corresponding business and technology controls o Systems development, project management and change management o Agile software methodologies o IT infrastructure design, management, and operations o Exposure to Cloud Computing, Cloud Delivery, and/or Automated Cloud techniques such as CI/CD o Business continuity and disaster recovery o SOX/SSAE18 control testing
• Ability to work in a complex, fast-paced, and dynamic environment.
• Demonstrate strong project management and execution skills, including: prioritizing tasks, balancing workload, anticipating next steps, and adapting to change.
• Tailor project approaches based on areas of key risks. Critically evaluate audit procedures to maximize the value of each audit project.
• Strong communication and presentation skills with an ability to tailor communications to different audiences.
• Prepare clear, concise, and accurate documentation and audit reports.
• Pursue work with enthusiasm, energy, drive, and team collaboration.
• Establish and build effective relationships.
• Collaborate with management and senior leadership to improve internal controls and processes.
• Assist and provide guidance to the Audit Services Group staff, when needed; train staff during fieldwork.
• Proactively communicate issues with colleagues and obtain agreement on audit findings and practical recommendations with control owners prior to presentation to management.
• Knowledge of auditing principles and practices as well as the analysis and reporting of audit information.
• Bachelor's degree in Accounting, Audit, Business Management, Information Technology, or Information Security
• Experience with internal control frameworks, including COBIT, FFIEC, PCI DSS, Sarbanes-Oxley, ISO27001, and ITIL
• 3+ years of relevant audit and risk management experience.
• Ability for 10-15% travel, including some international travel
• Big Four audit experience
• Merchant Acquiring, Payment Processing, Financial Services industry, OR Consumer and Business Financial Solutions experience
• CIA, CISA, CISM, CISSP or other relevant certifications
• Familiarity with common technology control frameworks, including COBIT, NIST Cybersecurity, ISO 27000, PCI-DSS, and FFIEC IT Handbook
Global Payments Inc. is an equal opportunity employer.
Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.
Apply on company website