Senior IT Auditor at Barnes and Noble

Senior IT Auditor


Remote Job



Job Summary

The Senior IT Auditor is responsible for conducting internal system audits and provide insight on risk factors within the Barnes & Noble IT environment. The individual will assist in evaluating the Barnes & Noble IT General Control environment (ITGC) across all in scope SOX systems annually by testing and documenting IT general controls, application controls, and complimentary user entity controls (CUEC’s) for information systems integrity and transaction accuracy. The Senior IT Auditor will also provide guidance and coaching to control owners on enhancements that need to be made for ineffective controls from a design and operating perspective. In addition, this role will assist with the periodic reporting and tracking of all IT SOX activity to Internal Audit, Management and External Audit leaders.

Candidates must have direct hands-on experience in IT audits and functional experience in multiple technologies and have sound understanding of ITGC SOX requirements. This is a cross-functional role, working closely with all IT groups across Barnes & Noble, its subsidiaries and other functional teams to ensure controls and compliance requirements are clearly defined and implemented. Effective communication and technical leadership is critical to the success of this role. Candidates must fluently speak both technical and business language interchangeably and understand general accounting principles.

What You Do

Design and execute IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of ITGC’s in support of all in-scope applications for the annual financial statement audit including CUEC’s for third parties and document accordingly to support external audit requirements.
Assist in identifying and reporting internal control deficiencies and developing remediation efforts necessary to maintain an effective internal control environment over IT systems.
Assist project teams with creation and implementation of IT controls objectives.
Assist with the successful completion of the quarterly UAR (User Access Review) audit process.
Directly work with external IT auditors by providing them testing status updates and addressing comments when necessary pertaining to work papers and/or other related matters.
Interact with all levels of management and company employees, including 3rd party Service Providers
Perform or assist in the performance of special projects or studies, including risk assessments, fraud investigations, audit department policy updates, due diligence acquisition reviews, etc.

Knowledge & Experience

Certification or in progress to obtain one or more of the following CPA, CISA, CIA, or CISSP.
Understanding of internal control concepts and experience in applying them to plan, perform, manage and evaluate the design, effectiveness and adequacy of key system controls for business processes/areas/functions from an IT compliance perspective.
Experience in auditing information system logical access, change management, and operations.
Knowledge of control objectives for Information and Related Technology, Accepted Auditing Standards, Standards for the Professional Practice of Internal Auditing.
Ability to work independently as well as with team members when needed.
Strong analytical ability, including network and network systems design, capacity planning, operations methodology, error detection/resolution techniques, quality assurance techniques, and IT implementation and management methodologies.
Strong verbal and written communication skills, to effectively present to peers and management.
Exhibit the leadership skills needed to sell ideas and obtain management buy-in for constructive change.
Ability to travel to domestic locations as required roughly 10% of the time.
Undergraduate degree in computer science, networking, accounting, finance or a related field, or sufficient experience in public accounting, internal auditing, or other field that would provide the same basic knowledge.
A minimum of three years IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, software development, project management, or a related field for which Internal Audit has a need.