The Hershey Company

IT Audit Analyst

The Hershey Company

full-time

Posted on:

Location Type: Office

Location: United States

Visit company website

Explore more

AI Apply
Apply

Tech Stack

Cyber SecurityERP

About the role

  • Perform real-time systems implementation readiness assessments
  • Effectively perform assigned procedures to evaluate go-live readiness for each key module of Hershey’s ERP implementation (and subsequent Tier 1/2/3 systems implementations)
  • Effectively communicate with Hershey IT and Business personnel to articulate the objectives of audit assessments, obtain required process understandings/documentation, align on identified risks/impact, and positively influence risk remediation via proposed recommendations.
  • Update Internal Audit project plans to reflect progress with respect to completion of assigned tasks, resource/timing constraints, and interdependencies to enable delivery of readiness assessments included within the Audit Plan.
  • Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.
  • Summarize the results of assigned go-live readiness assessment procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership utilized to inform go-live decisions.
  • Support SOX 404 Compliance
  • Facilitate compliance throughout assigned key business units and functions with standards of internal control over financial reporting promulgated by the Sarbanes-Oxley Act of 2002 through effectively executing assigned SOX 404 tests of controls.
  • Execute quarter and annual management assistance and External Audit support requests and testing requirements.
  • Provide technical support to end users of the SOX 404 Application (Workiva).
  • Perform Vulnerability, Infrastructure & Application Security Audits
  • Effectively execute assigned procedures to perform external vulnerability and internal infrastructure/application security assurance reviews leveraging IT audit experience and technical knowledge gained via CISA and/or CRISC certifications.
  • Document results of audit procedures in the form of audit working papers which comply with IIA standards.

Requirements

  • Bachelor's Degree in Accountancy, Information Security, Management Information Systems, or Other Related field
  • Experience in IT general controls, application controls and/or other assurance services
  • Minimum of 2 years direct experience in IT Audit specifically Cybersecurity
  • Must have experience in ITGC (IT General Controls – change management controls, access security/security management or IT operations), Application Controls
  • Must have strong verbal and written English Communication skills with a structured manner of thinking/communication
  • Must have strong executive presence and capability to lead presentations with C Suite Level stakeholders across different regions.
  • Possesses the confidence to establish their authority/credibility to cross cultural and cross functional teams across the globe
  • Must be willing to travel at least 3 to 4 times annually for onsite audit projects
  • Experience in Sarbanes Oxley/SOX Compliance (IT) is preferred but not required
  • Experience in SOC 1 reviews/audits, Pre/Post-implementation Reviews, Vulnerability Assessment, Penetration Testing is preferred but not required
  • CPA (Certified Public Accountant) or CISA (Certified Information Systems Auditor) is preferred but not required
Benefits
  • Professional development opportunities
  • Health insurance
  • 401(k) matching
  • Paid time off
  • Remote work options
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
IT general controlsapplication controlsITGCCybersecurityVulnerability AssessmentPenetration TestingSOX 404 Complianceexternal vulnerability auditsinfrastructure security auditsapplication security audits
Soft Skills
verbal communicationwritten communicationexecutive presenceleadershipcross-cultural communicationinfluencingstructured thinkingpresentation skillscollaborationrisk remediation
Certifications
CISACPA