Manager, Internal Audit (Technology)

About the Internal Audit Team

The Internal Audit department is responsible for evaluating the company’s internal controls, safeguarding company assets, and identifying opportunities to increase operational efficiency. The IA department is independent of all operations and therefore derives authority from the WSI Audit & Finance Committee. On a day-to-day basis, administrative oversight is provided by the Chief Financial Officer.

Role Summary

The Manager, Internal Audit (Technology) is responsible for leading and executing risk-based audits with a strong focus on SOX compliance, internal controls, cybersecurity, and technology risks. This role partners closely with Internal Audit, IT, Information Security and Compliance, and Finance to assess risks, evaluate controls, and drive continuous improvement across the organization’s technology environment.

Key Responsibilities

• Conduct technology, operational, financial and compliance control assessments and audits per the annual audit plan. Leverage available tools to drive high value audits, including designing and executing tests of control design and effectiveness.
• Lead audit engagements end-to-end, including planning, execution, and reporting, ensuring quality, timeliness, and alignment with internal audit standards.
• Ensure leaders of the areas under review are advised of timing, scope and nature of audit.
• Works with senior leaders to obtain their input and align audits on areas with organizational priorities and risk considerations.
• Execute  risk-based internal audits across cybersecurity, cloud, data, and emerging technologies and SOX by assessing the design and operating effectiveness of IT general controls, application controls, and key automated processes. Identify control gaps, evaluate technology and cyber risks, and deliver clear, actionable control recommendations that strengthen compliance, security, and the overall control environment.
• Evaluate compliance with relevant frameworks like COSO,COBIT, NIST, ISO 27001.
• Test controls related to emerging technologies (cloud computing, ERP systems, data analytics, automation, cybersecurity).
• Support audits related to data privacy, third-party risk, and business continuity / disaster recovery.
• Effectively communicate the results of audit projects. Prepare and maintain written observations and other relevant information to substantiate conclusions.
• Perform periodic follow-up reviews to assess and report on progress or completion of management's corrective actions in response to internal audit observations and recommendations.
• Provide ongoing recommendations to minimize financial, operational, and compliance risk. Deliver audit findings and manage open audit issues through resolution.
• Serves as the day-to-day liaison with key stakeholders to ensure open lines of communications are maintained and audit objectives are met.
• Lead audit engagements end-to-end, including planning, execution, and reporting, ensuring quality, timeliness, and alignment with internal audit standards.

Qualifications

• 5–7 years of experience in assessing technology, operational and financial controls. Retail experience a plus.
• Strong IT audit, internal audit with heavy focus on technology risk and controls.
• Demonstrated ability to assess risk and perform audits across a diverse retail technology stack, including cloud platforms, digital commerce, data apps, and enterprise applications.
• Experience auditing SOX ITGC, application controls, cybersecurity and cloud platforms.
• Solid understanding of ERP systems (e.g., Oracle, NetSuite)and key business applications
• Experience utilizing and performing audits with GRC platform (Audit Board SOXHUB, ServiceNow GRC preferred)
• Strong analytical, problem-solving, and project management skills. Able to prioritize effectively and communicate delays timely. Driven, organized, and detail oriented.
• Excellent written and verbal communicator. Documents clear, accurate, and detailed reports, workpapers, and process flows. Easily conveys complex concepts to diverse audiences.
• Experience in external / internal audit; prior Big 4 or similarly large public accounting firm experience strongly preferred.
• Bachelor’s degree with concentration in Tech; CISA preferred.
• Demonstrated experience leading audit engagements and managing stakeholder relationships at a senior level.