Information Systems & Compliance Auditor

The Information Systems & Compliance Auditor provides self-directed and objective assurance services to establish the design and operating effectiveness of key controls and validation of compliance with Southeast Toyota Finance policies and procedures, federal and state regulations, and other client, regulatory, or legal guidelines relevant to our core business. The Information Systems & Compliance Auditor will work closely with operational teams and senior management to review and test compliance controls and perform assessments of key vendors.

Responsibilities include, but are not limited to:

• Review records, reports, systems, and any other relevant programs and activities affected by regulations

• Perform walkthroughs, and review policies and procedures, records, reporting, system controls, and processes to assess the design effectiveness of key controls and to identify gaps

• Collect and review complex data, evaluate information and systems, and draw rational conclusions, to assess controls over key information systems risks

• Perform control testing to assess the operating effectiveness of key controls and compliance with policies, procedures, and applicable laws and regulations

• Collaborate with the business to identify remediation plans to address control gaps

• Present testing results, remediation plans, and results of vendor assessments to Legal and Operations Management in a clear and concise manner

• Perform follow-up of remediation plans through inquiry and inspection

• Provide consulting support to the business and management during the implementation of new processes, systems, or controls

• Analyze potential risks within the business to identify potential compliance issues

• Document process changes in alignment with policy changes (via workflow, etc.)

• Conduct assessments of key vendors to evaluate their IT and Information Security controls (on-site and virtual as applicable)

• Build and sustain relationships with process owners and management

• Manage multiple tasks and prioritize appropriately to meet deadlines

• Collaborate successfully with the Legal and Compliance team, assist others where needed, share knowledge, and be a collaborator

• Negotiate issues and tackle problems collaboratively

• Demonstrate impressive interpersonal skills and communicate clearly and proficiently in verbal and written communications

• Develop risk-based programs to test key processes and controls

• Lead other auditors and coordinating testing/projects, as assigned, to ensure timely completion

• Independently prepare reports that summarize the testing and rank by risk the exceptions and recommendations

• Present testing findings and recommendations to all levels of management

Competencies:

• Applies professional judgment and operational knowledge in assessing the current state of the business area under review, comparing that state to what should be, and recommending action to be taken.

• Build and sustain relationships with audit clients across all business units and all levels of leadership.

• Collaborates proficiently with the Legal and Compliance team, assisting others where needed, sharing knowledge, and being a collaborator.

• Ability to prioritize and work on multiple, concurrent audits, projects, and compliance-related activities, as requested.

• Planning: Sets objectives and goals and easily breaks down work into the process steps. Develops schedules and assignments and can anticipate problems/roadblocks and adjust accordingly.

• Dealing with Ambiguity: Can successfully cope with change and act without having the total picture. Does not get upset when things are in question and can easily manage risk and uncertainty.

• Negotiating: Can skillfully converse in difficult situations with both internal and external groups without damaging relationships. This person must be direct and forceful, but also diplomatic at the same time. They must have a good sense of timing and gain the trust of others quickly.

• Comfortable around Higher Management: Can easily communicate without nervousness and tension with upper management. Understands how senior management thinks and can establish the most effective way to present information.

Qualifications:

• Bachelor's degree or higher in Accounting, Computer Science, Information Technology, or related fields

• Minimum 4-6 years experience in the field of operations, project management, compliance, public accounting, internal/external audit, legal, information security, or information technology

• Active CPA, CIA, or CISA (preferred)

• Knowledge of security frameworks and regulations such as NIST Cybersecurity Framework, ISO, PCI-DSS, GLBA, etc. (preferred)

• Must possess well-developed analytical, critical thinking, and professional skepticism abilities as well as well-developed organization, adaptability, and verbal & written communication skills

• Proficient in Microsoft 365

• Knowledge of Power Platform or other data analytics and visualization tools (preferred)

• Ability to work both independently and as part of a team

• Professional demeanor and ability to work appropriately with all levels of management and maintain strict confidentiality

• Available for overnight travel when required

#LI-AM1

#LI-HYBRID

This job description may not be inclusive of all assigned duties, responsibilities, or aspects of the job described, and may be amended at any time at the sole discretion of JM Family. All work arrangements are subject to associate performance, business need and manager discretion, and may be revised as necessary.

JM FAMILY IS PROUD TO BE AN EQUAL OPPORTUNITY EMPLOYER

JM Family Enterprises, Inc. is an Equal Employment Opportunity employer. We are committed to recruiting, hiring, retaining, and promoting qualified associates without regard to age, race, religion, color, gender, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, gender expression, mental or physical disability, national origin, marital status, citizenship, military status, genetic information, veteran status, or any other characteristic protected by federal, state, provincial, or local law.

DISABILITY ACCOMMODATIONS

If you have a disability and require a reasonable accommodation to complete the job application process, please contact JM Family's Talent Acquisition department at talentacquisition@jmfamily.com for assistance. If you have an accommodation request for one of our recruiting events, please notify us at least 72 hours prior so that we may provide assistance.