Kansas City Southern Railway
Receive alerts when this company posts new jobs.
Sr. IT Auditor
at Kansas City Southern Railway
The Sr. IT Auditor will be a key contributor and leader in conducting internal IT audits for the organization. This position is responsible for: planning, executing and reporting on all aspects of technology audits throughout the organization and its subsidiaries; using data and analytics to support audit observations; and developing recommendations that add value to the business. The Sr. IT Auditor will build upon and broaden their business and technical knowledge through exposure to the entire organization and frequent interactions with all levels of management.
- Completes the planning, testing and reporting phases of IT audits under the direction of the Audit department management on time and within budget.
- Utilizes a risk-based approach and evaluates the following items when performing audits:
- The economy and efficiency with which resources are employed and the quality of performance in carrying out assigned responsibilities.
- The integrity and reliability of IT systems to identify, measure, classify and report information.
- The effectiveness of management controls designed to safeguard company resources.
- The application of general business and audit concepts to the needs of the organization.
- Compliance with relevant regulatory requirements, industry practices, and/or company procedures.
- Obtains and documents an understanding of the IT processes, risks and controls for lower risk and less complex audits.
- Utilizes data, analytics and available tools to enhance audit coverage and add value to the business.
- Prepares accurate and well-written work paper documentation in accordance with department and professional standards for Audit department management to review prior to release and communication of audit recommendations to management.
- Summarizes audit observations and develops practical recommendations. Drafts audit reports that effectively communicate audit observations and recommendations to both technical and non-technical audiences.
- Participates in financial and operational audits by evaluating and testing relevant IT controls within the scope of these reviews.
- Performs IT audit activities related to the company’s Sarbanes-Oxley compliance requirements. Provides expertise and assistance to external auditors and other outside firms as necessary.
- Monitors the budgets and timelines of assigned projects, and provides regular status updates to Audit department management.
- Implements the latest audit techniques to continually improve the audit process.
- Assists with tracking the results of prior audits and determining if appropriate corrective action has been taken regarding significant risks or concerns.
- Builds and maintains relationships with business partners at all levels. Provides advice and shares knowledge with these business partners to strengthen governance, risk and control environments and to improve processes efficiency and effectiveness.
- Exemplifies KCS Vision, Values, and Culture in each and every interaction with team, clients, and stakeholders.
- Bachelor's degree in a relevant discipline, preferably Management Information Systems, Computer Science, Business, Finance or Accounting
- Three (3) or more years of internal or external IT audit experience, preferably including SOX IT General Controls testing, or an equivalent amount of direct IT experience
- Or equivalent combination of education and experience
- Graduate degree in a relevant discipline, preferably Management Information Systems, Computer Science, Business, Finance or Accounting
- Experience leading internal or external IT audits
- Knowledge of common internal audit standards and IT audit practices
- Understanding of recognized IT Governance Frameworks such as: COBIT, ITIL, ISO/IEC (17799, 20000 series, 27000 series), NIST (800 series, Cybersecurity), etc.
- Prior railroad or transportation experience
- Experience with some or all of the following systems:
- SAP enterprise resource planning system
- Active Directory
- Operating Systems (Windows Server, UNIX/Linux)
- Databases (DB2, Oracle, SQL Server)
- Networking devices
- IT Security experience
- Exposure to reading and understanding program code and queries/scripts
- One or more professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), or similar certifications
- Use proficient computer skills (including word processing, spreadsheets, flowcharting and presentation tools) to perform and monitor assigned projects.
- Utilize ACL, Tableau, Power BI, spreadsheets, databases, and/or other Computer Assisted Audit Tools and Techniques (CAATTs) to perform data mining and analysis.
- Exhibit proficient analytical skills (qualitative and quantitative) to analyze complex data/information and process it into meaningful conclusions.
- Identify and assess processes, risks, controls and evaluate the root cause and business impact of identified issues.
- Demonstrate excellent communication skills (oral and written) and an ability to articulate information in a clear and concise manner.
- Display effective writing skills when drafting materials such as reports, business correspondence, procedure manuals, etc.
- Apply effective project management and time management skills to complete assigned projects on time and within budget.
- Leverage relationship building and influencing skills to obtain necessary information and to discuss audit observations and recommendations with management.
- Exhibit organizational skills, problem solving capabilities and an acute attention to detail when performing assigned projects and documenting work papers.
- Work with limited supervision and manage workloads to meet requirements and deadlines of the position.
- Adapt and react effectively to ambiguous, changing and/or difficult situations.
- Read and interpret complex documents (e.g., industry publications, technical procedures, governmental regulations) when gathering information for assigned projects.
- Present information to small and large groups and to all levels of the organization.
- Work effectively with others using a collaborative approach with open communication and idea sharing.
The duties listed are representative of the job; however, it in no way states or implies that these are the only duties a person may be required to perform. The omission of specific statements of duties does not exclude them from the position if the work is similar, related or is an essential function of the position.
We are proud to be an EEO/AA employer/Veteran/Disabled. We maintain a drug-free workplace and perform pre-employment substance abuse testing.