Internal Compliance Auditor
Location: Denver, CO
To protect company assets by developing and maintaining company policies and procedures; completing and/or assisting with internal and external SSAE 16 and PCI audits; ensuring compliance with regulations and internal controls; recommending improvements in internal control structure.
What You Are Accountable For
Compliance with PCI
Compliance with SSAE 16 SOC 2 Type 1, 2
Ensuring internal and external policies are understood, enforced, and followed
Working with management and/or external auditors to create compliance reports
Knowledge, Skills, & Responsibilities
Demonstrate and apply a thorough understanding of complex information systems and network technologies.
Broad exposure to internal audit operations, including performance of risk analysis, analytical reviews of data and development of audit programs.
Document business processes, identifying controls and control gaps, testing controls, documenting results of tests and management action plans.
Work closely with Director of Compliance and IT management to identify enterprise risks relevant to the organization.
Supports external auditors by coordinating information requests for PCI and SOC audits.
Work with Director of Compliance to prepare written audit reports.
Communicates with stakeholders regarding audit findings and relevant issues and manages periodic status meetings.
Delivers recommendations that provide management with insight into best practices and opportunities for increased efficiencies.
Performs vendor reviews and assists with vendor management and vendor audits, as needed.
Develops positive working relationships with management and control owners to foster an environment of open communications where Compliance is a trusted advisor.
Maintains knowledge of changes to best practices in IT process controls and auditing techniques to continuously improve internal compliance audit practices.
Education & Experience
Bachelor's degree from an accredited college or university required. Major in accounting or information technology field strongly preferred. CISA designation strongly preferred. Additional professional certifications (i.e. CISSP, CPA, CIA, CMS) and/or MBA desired.
At least 3 years of IT audit, information security, or a combination of roles with audit execution experience.