IT Auditor II

This position will be responsible for assisting in the development and execution of the CarMax internal audit plan. This responsibility includes determining internal audit scope, performing audit procedures and preparing audit reports reflecting the results of the work performed for review by management and the Audit Committee. Work will be performed under the supervision of the Senior IT Internal Auditor or other Internal Audit management. Work performed will include SOX 404, system implementation, operational and compliance audits and other special projects. The work performed will better ensure accuracy of financial information, effective internal controls and compliance with company policies and the CarMax System Development Methodology.
With guidance from senior auditor, and sometimes manager, perform audits of internal control over financial reporting for management assessment under Section 404 of the Sarbanes-Oxley Act (“SOX”); includes meeting with different departments to understand key business and IT processes, testing of key automated controls, reports, and IT general controls and making recommendations for improvements in internal controls

With guidance from senior auditor, and sometimes manager, perform system implementation audits, including reviewing project objectives, assessing business process designs and testing compliance with the CarMax System Development Methodology

Perform operational and compliance audits or special projects, including integrated audits with the Financial audit team


The ideal candidate has the following educational qualifications and professional experience:
•Bachelor degree in Accounting, Information Systems or other related degree
•Certified Information Systems Auditor (“CISA”), or in the process of obtaining the CISA preferred
•Minimum of 2 years of information systems auditing experience, preferably with a public accounting firm or publicly held company
•Experience with internal control and compliance, including IT general controls, information technology system security, application, operating system, database, system development and implementation audits, and other operational IT audits
•Experience with SOX 404 compliance and risk-based auditing
•Understanding of traditional and emerging technology domains, including cybersecurity, cloud, infrastructure, IT operations, and IT risk management is preferred
•Understanding of COSO and COBiT
•Retail industry and/or financial services knowledge and experience is preferred
•Experience with data analytics and with SQL Assistant and Tableau is preferred
•Leadership qualities including ability to motivate and/or persuade others (including associates in Internal Audit and business partners across the organization)
•Effective planning and project management skills
•Strong time management skills
•Ability to perform multiple projects concurrently to meet deadlines
•Ability to work in a team setting as well as independently

LANGUAGE SKILLS:
•Excellent interpersonal, written and verbal communication skills
•Strong attention to detail
•Ability to interact effectively with various levels of management and the operational areas
•Ability to create appropriate written reports and process narratives
•Ability to prepare appropriate workpaper documentation evidencing procedures performed
•Effective presentation skills
•Ability to express and explain clearly and effectively
•Ability to analyze and inquire clearly and effectively (know what to ask)