Senior Auditor, IT Governance
The person in this position is responsible for leading work related to information systems assurance, including audits of networks, systems, applications, platforms, databases, and operating procedures in accordance with established auditing standards. He or she will take a leadership role in determining the effectiveness of the information systems and security controls to properly secure and safeguard the Information Technology infrastructure and information assets. This person will also engage in audits of significant systems to attest on the effectiveness and adequacy of the system’s data processing and security controls.
The successful candidate will also conduct risk assessments and evaluations of the company’s IT infrastructure and processes to determine the adequacy of current controls to detect and prevent unauthorized activities and whether those controls properly reduce the company’s risk to an acceptable level. This person will provide expertise in audit related work, including Sarbanes-Oxley, IT General Controls, PCI, and COSO.
- Works closely with internal, external, and regulatory auditors in the performance of scheduled audit activities.
- Takes a leadership role in the performance of periodic risk assessments of all IT-related company functions in order to recommend appropriate audit projects as part of the audit planning process.
- Leads the assessment of new processes, systems, and projects to ensure appropriate due diligence has been performed.
- Documents and consults with management on internal controls for significant company initiatives.
- Acts as a consultant for business owners in the areas of governance, risk, and compliance to ensure best practices are understood and followed.
- Examines evidence to verify accuracy and compliance with policies, procedures, and acceptable standards.
- Performs risk-based integrated audit procedures on scheduled projects in a timely, efficient, and professional manner.
- Provides opinion on whether the company’s IT procedures and controls meet regulatory standards and other compliance requirements.
- Some travel up to 25% is expected.
- Regular attendance in conformance with standards
- May be required to work varying schedules to reflect business needs
- Required to attend all training sessions and meetings
- Ability to perform “Physical Requirements” as explained below
Supportive Functions and Responsibilities
- Prepares and reviews audit work papers that accurately and sufficiently document audit tests performed, in accordance with company guidelines and professional standards
- Drafts and reviews written reports which accurately describe results of tests performed and the nature of control weaknesses and exposures; express an opinion on the adequacy of internal controls and overall procedures; and identify practical recommendations for improvements.
- Performs special reviews/projects as requested.
- Implements computer-assisted audit techniques and practices auditing by exception techniques to improve audit effectiveness and efficiency.
- Contributes to the drafting and review of policies and procedures as required.
- Other duties as assigned
The individual must possess the following knowledge, skills and abilities and be able to explain and demonstrate that he or she can perform the essential functions of the job, with or without reasonable accommodation:
- Ability to work cooperatively with others.
- Ability to maintain confidentially.
- Ability to read, write and speak English effectively.
- Ability to communicate effectively, both written and verbally.
- Ability to work effectively, maintain composure and make decisions in stressful situations.
- Working knowledge of internal control concepts.
- Demonstrated ability to clearly document and evaluate the internal controls present in the manual and automated systems being reviewed while identifying internal control strengths and weaknesses.
- Ability to observe a business process and document it accurately and completely, including the identification of risks, controls and weaknesses.
- Solid foundation in technology and security with the ability to recognize when theoretical concepts should be applied to areas assigned.
- General awareness of other departments in the company with risk, control, and governance responsibilities and ability to understand handoffs between the IT audit function and those areas.
- Thorough academic understanding in the areas of information systems audit, internal control reviews, and application control reviews.
- Proficiency in windows-based computer programs to include e-mail, internet, spreadsheet, diagram and process flowcharting, and word processing applications.
Education: Bachelor’s degree in technology, finance, or related field or the equivalent combination of education, training, and work experience.
Experience: At least 5 years of experience developing and/or validating IT general controls. 1-2 years customer-facing work experience in a hospitality environment preferred. Experience with Sarbanes-Oxley, IT General Controls, PCI, COSO, SANS Top 20, and the NIST Cybersecurity Framework is preferred.
Licenses or Certificates: One or more relevant professional certifications, such as CISA, GCCC, or CISM greatly preferred. Additional certifications such as CFE and CIA will be considered as well.
Loews Hotels is a vibrant collection of one-of-a-kind hotels with distinct personalities. Each hotel and resort offers high-quality accommodations, impressive surroundings, personalized service, and thoughtful amenities for a luxurious guest experience. As a company we care about our guests, our community and our team members.
Headquartered in New York City, Loews Hotels manages properties in most major markets in the U.S. and Canada. Each property goes beyond Four Diamond standards to provide guests with a supremely comfortable, uniquely local travel experience at a great value. Loews Hotels boast prime locations in the cities of New York, Washington DC, Denver, Los Angeles, Nashville, Philadelphia, Annapolis, Montreal, and Quebec City, as well as world-renowned vacation destinations such as Miami's South Beach, Universal Orlando, New Orleans, Tucson, St. Pete Beach, and California's Coronado Island. Loews has established some of the industry's most innovative and successful travel programs, including Loews Loves Kids for families and Loews Loves Pets for discerning animals on the road.
At Loews Hotels, our team members' commitment to our guests and dedication to our communities is cherished. We seek genuine individuals who are able to engage and delight our guests by providing Four Diamond AND MORE service. We invest in training and development opportunities for all team members, so they may grow and develop as individuals. We embrace diversity at our core and offer the opportunity for all team members to reach their potential as professionals. At Loews Hotels, we seek to create a dynamic culture that makes work interesting, challenging, fulfilling and fun.
As part of our commitment to our team members, Loews Hotels is proud to offer competitive compensation and benefit plans tailored to each marketplace. These include:
- Pay that meets or exceeds area standards
- Retirement (401-K) and incentive plans
- Medical and dental coverage
- Short and long-term disability
- Life insurance
- Holiday and vacation pay
- Team member assistance plans
- Career development programs
- Tuition reimbursement programs
Loews Hotels is an Equal Opportunity Employer committed to a diverse work culture, M/F/D/V