Senior IT Auditor

Job Summary:

The Senior IT Auditor position will provide internal audit and advisory services focused on the design and effectiveness of governance, risk management, and control activities supporting CSX’s information systems and technologies. This includes providing assurance over key risk areas such as cybersecurity, system implementations (including cloud migration), core IT processes and IT general controls (ITGCs) supporting SOX compliance. There will also be opportunities to participate in initiatives to improve departmental and company-wide systems and processes.

Primary Activities and Responsibilities:

• Perform pre-audit research and define risk-based scope, objectives, and audit procedures for assigned audits
• Conduct interviews, gather and evaluate appropriate audit evidence, perform analysis, and document appropriate information to support conclusions. Utilize data and technology tools, where appropriate, to enhance efficiency, coverage, and value of audit activities. Manage self and others to meet project objectives, budget and timelines while adhering to departmental and IIA standards for quality
• Identify, document, and prioritize issues and provide insights to management to aid in the development of corrective action plans
• Draft formal reports and memos to communicate observations and related action plans to department leaders and executives
• Perform follow-up inquiries and validation related to prior audit issues to ensure management is taking timely and appropriate corrective action
• Assist other internal audit teams with identifying significant IT risks within the scope of other compliance, financial, or operational audits including developing audit procedures and reviewing related audit documentation
• Support annual SOX program by performing ITGC walkthroughs, designing and executing control tests, and reviewing testing performed by others
• Participate in cross-functional teams and initiatives to continuously improve departmental and company systems and processes
• Maintain appropriate professional and ethical standards and certifications. Attend training and share knowledge on relevant IT topics

Minimum Qualifications:

• Bachelor’s degree from an accredited institution in a Technology or Business-related field
• Three or more years work experience in auditing, business/IT consulting, accounting, information systems/technology, risk management, or a related area
• Interest in pursuing one or more relevant professional certifications: IT audit (CISA), Information Security (e.g. CISM, CISSP, Security+, etc.) IT Governance and Risk Management (CGEIT, CRISC)

Preferred Qualifications:

In addition to meeting the above qualifications, any of the following are preferred:

• Master’s degree from an accredited institution in business administration, accounting, information systems/technology, or computer science
• Three or more years of experience in IT auditing at large public company or assurance/consulting firm
• Two or more years of experience in large-scale ERP implementation, cloud migration, or conversion/modernization of legacy systems
• One or more relevant professional certifications: IS Audit (CISA), Information Security (e.g. CISM, CISSP, Security+, etc.), IT Governance & Risk Management (CGEIT, CRISC)
• Technical proficiency in ACL / Diligent HighBond and Microsoft O365

Knowledge and Skills:

• Knowledge of common enterprise Technology platforms from legacy mainframe and to modern distributed and cloud environments
• Knowledge and skill in applying IT audit, governance, risk, and control concepts as well as common frameworks (COBIT, NIST CSF, NIST 800-53, CIS CSC, SOC/TSC 100, etc.)
• Knowledge of common cloud computing platforms and related risks (SaaS, PaaS, IaaS)
• Knowledge of significant technology processes and general controls
• Knowledge of tools and techniques to extract, normalize, and analyze complex data (e.g. SQL, ACL Analytics, Alteryx, Tableau, etc.)
• Skill in personal planning and project management including ability to maintain composure under pressure while meeting multiple deadlines
• Skill in effective verbal and written communications including active listening skills and skill in presenting findings and recommendations
• Skill in negotiating issues and resolving problems
• Ability to establish and maintain harmonious working relationships with co-workers, business partners, and other external contacts and to work effectively in a professional team environment

Leadership:

The CSX Leadership Model is the foundation of our Talent Strategy and is what drives CSX performance. CSX accordingly selects and develops talent based on each of the following: producing results, creating change, and inspiring excellence.

Job Requirements:

• Work hours may vary in length and schedule, work hours may include a nonstandard workweek

About CSX:

CSX, based in Jacksonville, Florida, is a premier transportation company. It provides rail, intermodal and rail-to-truck transload services and solutions to customers across a broad array of markets, including energy, industrial, construction, agricultural, and consumer products. For nearly 190 years, CSX has played a critical role in the nation’s economic expansion and industrial development. Its network connects every major metropolitan area in the eastern United States, where nearly two-thirds of the nation’s population resides. It also links more than 240 short-line railroads and more than 70 ocean, river and lake ports with major population centers and farming towns alike. More information about CSX Corporation and its subsidiaries is available at www.csx.com. Like us on Facebook and follow us on Twitter.

Closing Statement:

At CSX, two of our five Guiding Principles are Valuing and Developing Employees as well as Operating Safely. We are committed to offering our team members the most competitive compensation and benefits package available, unlimited opportunities for development and growth throughout an exciting and rewarding career, and the safest work environment possible.

CSX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Click here to view the EEO is Law poster. Here Click here to view the OFCCP pay transparency provision information. Here

CSX Transportation and its subsidiaries are not seeking outside assistance or accepting unsolicited resumes from staffing agencies or search firms for employment or contractor opportunities. Any resumes submitted by an outside vendor to any employee at CSX via e-mail, Internet, or directly to hiring managers without a valid written search agreement in place with the Talent Acquisition / HR department will be deemed the sole property of CSX. No placement fee will be paid in the event a candidate is hired as a result of the referral, or through other means.