Senior IT Internal Compliance Auditor

Brand

Description

JOB SUMMARY:

The Senior Information Technology (IT) Compliance Analyst will participate in overseeing, scheduling, and executing all aspects of the annual IT SOX 404 audit and PCI assessment. In addition, will perform audits of security policies and procedures throughout the fiscal year as time allows.

ESSENTIAL FUNCTIONS:

This position will work closely with internal and external audit partners and department subject matter experts in requesting, reviewing, and providing control artifacts for SOX 404 and PCI compliance audits.

Candidate will also (among other tasks):

• Assist in planning and scheduling SOX 404 and PCI walkthrough meetings and other sessions as needed
• Review and update or create new IT internal controls as required
• Schedule and perform application user access reviews on all identified applications on a semi-annual basis
• Oversee and review work product performed by junior compliance analyst(s)
• Ensure that no segregation of duties exist with users access levels within and across applications
• Track management responses and perform remediation follow up until task completion
• Assist in establishing and automated IT audit program utilizing our GRC application
• Audit IT security policies and procedures on a regular cadence
• Provide audit finding reports to management

ADDITIONAL INFORMATION

Performs special projects, and additional duties and responsibilities as assigned.

This role is highly integrated into the Information Security and Compliance department. The candidate will be exposed to many information security technologies and techniques. Consequently, the candidate should demonstrate a strong interest in maintaining knowledge and skills in Information Technology / Information Security/Auditing and related areas such as technology infrastructure, cloud computing, software development, operating systems, networks, database management systems,

process automation, and cybersecurity.

EDUCATION AND EXPERIENCE:

Degree in information technology, information systems, or IT risk and control related discipline. Prior work experience in IT SOX 404 audits and PCI Assessments is required.

CISA or CISSP credentials preferred.

KNOWLEDGE, SKILLS, ABILITIES:

• Highly motivated, self-directed individual with the ability to work independently and in team environments
• Excellent interpersonal, written and oral communication skills, including the ability to work with all levels of staff and management.
• Detail oriented in documenting work performed in the preparation of work papers, spreadsheets and Word documents, audit reports.
• Proficient in MS Office tools including Microsoft Excel, Word and Visio.
• Strong understanding of Excel formulas and functions
• Solid data analytical skills in identifying and understanding relationships between data sets
• Utilize Project Management Skills for schedule planning and resource assignment
• Ability to handle multiple tasks simultaneously and meet established deadlines
• Ability to quickly learn and adopt to different and changing environments
• Any experience with GRC (Governance, Risk and Compliance) applications a plus

TRAVEL:

Occasional travel to brands offices may be required during audit periods

MINIMUM WORK EXPERIENCE:

3 to 5 years of related professional experience.

Requirements

JOB SUMMARY:

The Senior Information Technology (IT) Compliance Analyst will participate in overseeing, scheduling, and executing all aspects of the annual IT SOX 404 audit and PCI assessment. In addition, will perform audits of security policies and procedures throughout the fiscal year as time allows.

ESSENTIAL FUNCTIONS:

This position will work closely with internal and external audit partners and department subject matter experts in requesting, reviewing, and providing control artifacts for SOX 404 and PCI compliance audits.

Candidate will also (among other tasks):

• Assist in planning and scheduling SOX 404 and PCI walkthrough meetings and other sessions as needed
• Review and update or create new IT internal controls as required
• Schedule and perform application user access reviews on all identified applications on a semi-annual basis
• Oversee and review work product performed by junior compliance analyst(s)
• Ensure that no segregation of duties exist with users access levels within and across applications
• Track management responses and perform remediation follow up until task completion
• Assist in establishing and automated IT audit program utilizing our GRC application
• Audit IT security policies and procedures on a regular cadence
• Provide audit finding reports to management

ADDITIONAL INFORMATION

Performs special projects, and additional duties and responsibilities as assigned.

This role is highly integrated into the Information Security and Compliance department. The candidate will be exposed to many information security technologies and techniques. Consequently, the candidate should demonstrate a strong interest in maintaining knowledge and skills in Information Technology / Information Security/Auditing and related areas such as technology infrastructure, cloud computing, software development, operating systems, networks, database management systems,

process automation, and cybersecurity.

EDUCATION AND EXPERIENCE:

Degree in information technology, information systems, or IT risk and control related discipline. Prior work experience in IT SOX 404 audits and PCI Assessments is required.

CISA or CISSP credentials preferred.

KNOWLEDGE, SKILLS, ABILITIES:

• Highly motivated, self-directed individual with the ability to work independently and in team environments
• Excellent interpersonal, written and oral communication skills, including the ability to work with all levels of staff and management.
• Detail oriented in documenting work performed in the preparation of work papers, spreadsheets and Word documents, audit reports.
• Proficient in MS Office tools including Microsoft Excel, Word and Visio.
• Strong understanding of Excel formulas and functions
• Solid data analytical skills in identifying and understanding relationships between data sets
• Utilize Project Management Skills for schedule planning and resource assignment
• Ability to handle multiple tasks simultaneously and meet established deadlines
• Ability to quickly learn and adopt to different and changing environments
• Any experience with GRC (Governance, Risk and Compliance) applications a plus

TRAVEL:

Occasional travel to brands offices may be required during audit periods

MINIMUM WORK EXPERIENCE:

3 to 5 years of related professional experience.

About Us

About 1-800-FLOWERS.COM, Inc.

1-800-FLOWERS.COM, Inc. is a leading provider of gifts designed to help customers express, connect and celebrate. The Company's e-commerce business platform features an all-star family of brands, including: 1-800-Flowers.com®, 1-800-Baskets.com®, Cheryl's Cookies®, Harry David®, PersonalizationMall.com®, Shari's Berries®, FruitBouquets.com®, Moose Munch®, The Popcorn Factory®, Wolferman's Bakery®, Vital Choice®, Stock Yards® and Simply Chocolate®. Through the Celebrations Passport® loyalty program, which provides members with free standard shipping and no service charge across our portfolio of brands, 1-800-FLOWERS.COM, Inc. strives to deepen relationships with customers. The Company also operates BloomNet®, an international floral and gift industry service provider offering a broad range of products and services designed to help members grow their businesses profitably; Napco℠, a resource for floral gifts and seasonal décor; DesignPac Gifts, LLC, a manufacturer of gift baskets and towers; and Alice's Table®, a lifestyle business offering fully digital live streaming floral, culinary and other experiences to guests across the country. 1-800-FLOWERS.COM, Inc. was recognized among the top 5 on the National Retail Federation's 2021 Hot 25 Retailers list, which ranks the nation's fastest-growing retail companies, and was named to the Fortune 1000 list in 2022. Shares in 1-800-FLOWERS.COM, Inc. are traded on the NASDAQ Global Select Market, ticker symbol: FLWS. For more information, visit 1800flowersinc.com or follow @1800FLOWERSInc on Twitter.