Apply on Employer Site

CarMax · 1 day ago

Principal Technology Auditor

Corporate - Richmond

Full-time

Hybrid

Lead/Staff

8+ years exp

CarMax is the nation's largest retailer of used cars, and they are seeking a Principal Technology Auditor to support their Audit Services team. This role involves leading high-impact technology audits, providing risk management support, and mentoring other auditors while collaborating with various teams to enhance risk awareness and controls.

AutomotiveMarketplaceOnline Portals

No H1B

Responsibilities

Execute and lead high-impact technology audits and reviews of various regulatory, operational and/or technological processes and controls, including integrated audits

Consult with a risk-based mindset across the organization to provide clear, strategic insights, guidance, and assurance to senior leaders throughout pre-implementation reviews, company initiatives, and other process and system enhancements as requested by the business; ensure controls are implemented to mitigate risks (operational, regulatory, reputational, strategic, and financial risk)

Focus on areas of higher complexity, where deep experience and technical expertise is warranted, without close supervision or direction from CAS management

Partner with technology and initiative teams to stay informed on new product pipelines and initiatives, evaluate risks, and provide guidance on controls

Use and develop critical tools such as risk assessments, audit programs, and testing/review procedures so you can identify risk, tailor work appropriately, reach conclusions, and explore solutions

Lead and execute fieldwork to prepare high-quality workpapers summarizing procedures performed

Maintain strong business relationships and coordinate cross-functionality to align on risk, scope of work and results

Promote innovative and forward-looking problem solving to target root cause; provide recommendations contributing to operational excellence

Leverage your creativity to organize and present key project information through a variety of communication methods and tools, focusing on high-impact, high-value deliverables

Serve as a technical SME across the Audit Services department and provide highly technical expertise and guidance to Audit Services team members as it relates to specific technologies and audit techniques

Help lead the research and analysis of emerging technology and technology/cyber/data-related regulatory standards. Partner with technology management and other business partners to assess the impact of the technologies, tools and changing regulations (as applicable) on Audit Services and CarMax

Support the development and execution of training materials/content within the department and to external business partners, as needed to help implement the team’s strategic priorities

Provide technical knowledge and direction in the assessment of risk and development of audit scoping for very complex projects

Champion a culture of risk awareness and internal controls. You will provide innovative and value-added insights to drive improved process efficiency and effectiveness for CarMax

Stay abreast of key changes, trends, and best practices within CarMax, the audit profession, the technology industry, and relevant regulatory environment. Support the development of other CAS associates in emerging technology/risk areas to grow and mature the Audit Services team

Take a lead role in department initiatives to identify efficiencies and improvements in work execution and internal processes

Qualification

Information systems auditingTechnology risk managementCertified Information Systems AuditorCybersecurity regulationsRisk assessmentsAgile methodologiesControl frameworksProject managementAnalytical skillsCommunication skillsTeamworkMentoringProblem-solvingCreativity

Required

Bachelors degree, preferably in Computer Science, Accounting Information Systems, Accounting/Finance, or other related business field

8+ years of information systems auditing experience or technology risk management/consulting experience, preferably at a large consulting firm or public company

Previous experience leading internal audit engagements, including project management capabilities

Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC)

Significant experience with the following areas, with limited to no oversight: performing risk assessments, scoping activities, test planning, and walkthroughs in support of complex IT audit projects

Assessing the design and operating effectiveness of technology controls, including testing complex ITGCs across a variety of technologies/systems and across all layers of technology to include the application, operating system, and database

SOX 404

Evaluating processes to identify controls and the associated system dependencies; proven ability to clearly document and articulate such information to other stakeholders

Performing system development and implementation reviews, including experience with Agile methodologies

Testing business process automated controls, and testing completeness and accuracy of reports and system integrations

Experience working with complex technology systems and processes; proven experience summarizing complex information into easy-to-understand pieces

Working knowledge and experience with cybersecurity and privacy regulations; ability to summarize evolving regulations, industry trends, and risks and the impact to CarMax

Strong knowledge and demonstrated ability to apply control and technology frameworks and methodologies (e.g., COSO, COBIT, NIST, ISO)

Strong understanding of traditional and emerging technology domains, including cybersecurity, privacy, data governance, cloud, infrastructure, networking, data warehouses, integration strategies, IT operations, IT risk management, and IT governance

Experience with tools and technologies to facilitate fieldwork (SQL, Alteryx, Python, etc.)

Preferred

Use of robotic process automation (RPA) and artificial intelligence (AI) to enhance audit efficiency, improve risk detection, and deliver actionable insights