Sr. IT Auditor - Controls Assurance Audit Team

Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services.  Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results.  We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions.  Join our dynamic team and make your mark on the payments technology landscape of tomorrow. 

Summary of This Role

The Senior IT auditor will be responsible for managing the execution of SOC1 and SOC2 audits over the Issuing business’ cloud-based products and services as part of the company’s SOC project portfolio. This position will also play a key role in the execution of the related mainframe SOC 1 and SOC 2 reports (8 annual reports for core and small subsidiary businesses in the US and international markets). As a liaison for external auditors that issue the reports and internal IT and business teams, the Senior Auditor ensures comprehensive project management and execution of the SOC 1 & SOC 2 audit requirements as well as, in coordination with the SOX IT Audit program manager, elements of the company’s SOX IT program.

What Part Will You Play?

• Works with internal business leaders to understand the current mainframe, distributed, and AWS cloud environments to document controls in support of SOC and SOX scope.

• Works with external audit firms to ensure documented controls meet SOC 1 and SOC 2 framework requirements.

• Works with the CA team to lead testing (including both executing and reviewing control testing)  of new controls in alignment with Internal Audit (Audit Services Group/”ASG”) and Controls Assurance testing and documentation standards.

• Works with existing Controls Assurance team members to assess the current control environment as translated into the new cloud environment to ensure consistent control coverage between current and future state.

• Fosters and maintains strong relationships throughout the company to support audit execution responsibilities. Viewed as a partner with IT and business leaders to understand the business and assist in designing and delivering the required audit services to meet business, customer, and regulatory requirements.

• Establish trusted relationships to support delivery of effective, successful, and well-received audit services. Considered a go-to leader within the organization regarding risk and control matters. 

• Ensures SOC reports support our customers' use of Global Payments (TSYS Issuing) solutions by understanding Global Payments businesses and the integration of product/service, operations, and technology that impact internal controls supporting our client’s financial, data processing, and information security environments.

• Conduct assurance reviews and audits to evaluate the design and effectiveness of controls supporting the company’s business processes and information systems.   

• Lead and execute all aspects of the audit process, including planning, risk assessment, controls identification, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members. 

• Understand business and IT processes to identify risks and evaluate internal controls.  

• Document thorough understanding of business processes, including the role of technology in supporting the process.  Effectively perform testing of automated business process controls and IT general controls.

• Identify new and assess existing information technology control design and operating effectiveness, particularly related to application and infrastructure logical access, change management, and operations, as well as more common information security considerations.

• Evaluate root cause factors, extent of risk, and mitigating/compensating controls for audit testing exceptions and work with internal leaders to craft management responses for SOC reporting.. 

• Provides first level of detail review of work paper documentation to ensure audit testing work papers are documented in a consistent and high quality manner while executing project tasks in adherence to established timelines. 

• Partners with the project manager to assess the adequacy of the corrective action(s) taken by management, stakeholders, or process owners to improve governance, risk management, and control issues.

• Tracks and reports project status and milestones to project leadership and/or management. 

• Discusses audit results, their impact and recommendations for corrective actions with the project manager, external audit partners, and/or management.

• Build and develop Audit Services Group’s brand within the company through meaningful relationship building.  

• Coordinate audit activities with management, co-source providers and external auditors.   

• Enable continuous improvement of the Audit Services Group by identifying and communicating enhancement opportunities to department leadership. 

• Support the development of other team members within the Audit Services Group. 

What Are We Looking For in This Role?

Minimum Qualifications

• 3-5 years of relevant audit and risk management experience. 

• Knowledge of auditing principles and practices, and the analysis and reporting of audit information. knowledge of IPPF Standards, IIA best practices, auditing principles and practices, as well as the analysis and reporting of audit information. 

• Bachelor’s degree in Accounting, Auditing, Business Management, Information Technology, or other similar degrees. 

• Significant experience and expertise with common internal control frameworks and guidance, including Sarbanes-Oxley, SSAE 18 (SOC 1 and SOC 2, both type 1 and type 2 reports), and 2017 AICPA Trust Services Criteria for a SOC 2. 

• CIA, CISA, CISM, CISSP, CCAK, CPA, or other relevant certification(s).

• Big Four audit experience preferred.

• 10-15% travel requirement, including some international travel.

Preferred Qualifications

• Experience with multiple internal control frameworks, including NIST, Cloud Controls Matrix, AWS Cloud Adoption Framework, COBIT, FFIEC, PCI-DSS, ISO27001, and ITIL

• Big Four or similar firm audit experience.

• Card Issuing, Payment Processing, Financial Services industry, Merchant Acquiring, and Consumer and Business Financial Solutions experience

What Are Our Desired Skills and Capabilities?

• Audit and/or consulting experience in all these areas:

  • Cloud security framework auditing (specifically as related to AWS)

  • Mainframe auditing, including IT infrastructure design, management, operations, and security

  • Mainframe modernization program management and auditing

  • SOC 1 and SOC 2 requirements, project management, control testing, and best practices

  • SOX IT control testing and regulatory requirements

  • Information and data security for payment card data and publicly-identifiable information

  • General IT control testing, including IT infrastructure design, management, and operations

  • Operational and financial control testing 

• Ability to work in a complex, fast-paced, and dynamic environment.

• Ability to identify controls and create and execute test plans with little to no prior year documentation for newly identified controls. 

• Ability to think dynamically about ad-hoc reporting and project oversight deliverables to create meaningful reporting for internal leadership and external clients.

• Demonstrates project management and execution skills, including prioritizing tasks, balancing workload, anticipating next steps, and adapting to change.

• Strong communication and presentation skills with an ability to tailor communications to different audiences.

• Prepare clear, concise, and accurate documentation and audit reports.

• Pursue work with enthusiasm, energy, drive, and team collaboration.

• Establish and build effective and trusted relationships.

• Collaborate with management and senior leadership to strengthen the company’s internal controls and processes.

• Partner with ASG team members to adopt and optimize audit processes and technology.

• Proactively communicate issues with ASG, external audit, and internal stakeholders and obtain agreement on audit findings and practical recommendations with control owners prior to presentation to management.

Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact [email protected].