Senior IT Auditor

Why Wyndham?

By joining Wyndham Hotels & Resorts, you will play an integral role in our mission to make hotel travel possible for all. You’ll be part of the largest hotel franchise company in the world, where we strive to deliver the best value to our owners and guests. Most importantly, you’ll be entrusted to live our unique Count on Me culture, set by our core values of integrity, accountability, inclusive, caring and fun. At Wyndham, we provide all team members the opportunity to grow through best-in-class training and career development, leadership training, mentorship opportunities and educational support.  Supporting our team members is a top priority, which is why we offer competitive compensation and benefits, vacation, team member appreciation days, workplace flexibility and much more.  At Wyndham Hotels & Resorts, we value and embrace a culture of diversity, equity and inclusion that supports team members of all backgrounds and experiences. We can’t wait to welcome you!

The Role

Reporting to the Manager, IT Audit, the Senior Auditor’s main responsibility will be to lead projects with the objective of evaluating, designing and testing the control environment of the Company as it relates to IT Controls.  The Senior Auditor must work well independently, prepare work papers, communicate findings, formulate recommendations and draft reports. The position will work closely with the IT/Info Security, Compliance, Audit Services, and SOX finance teams in order to meet compliance objectives and requirements. 

Secondary to internal controls auditing, the Senior Auditor will have a lead role in performing IT and Information Security audits in accordance with the annual audit plan. The Senior Auditor will also be responsible for documenting audit results, preparing audit work papers, and communicating audit findings to internal audit management, external auditors and other key stakeholders within the business.

This position requires the ability to work in a complex and dynamic business environment. 
 

What you'll do

• Supervise and confirm process mapping with process owners.
• Identify control objectives and related controls within business processes.
• Lead the evaluation of control design and identify control gaps.
• Coordinate the development of work programs to test the operating effectiveness of controls.
• Execute specific test steps and document results.
• Communicate test results and identify control deficiencies.
• Collaborate with process owners on status of control testing.
• Formulate recommendations to improve internal control processes and other value adding opportunities, as appropriate.
• Lead process evaluations and identify opportunities to create efficiencies or improve efficiency.
• Follow-up on outstanding action points within an agreed timetable and ensure that all issues are closed in a timely fashion.
• Coordinate the development of new work programs as required, and take steps to consolidate feedback on the improvement of current work programs.
• Assist in the determination of the annual audit plan and the creation of relevant audit programs.
• Document audit testing and results that are to be reviewed by management.
• Communicate and discuss preliminary audit findings with IT owners, management and the Manager, IT Audit.
• Provide guidance to IT owners regarding proper procedures and remediation efforts. 
   

You'll be successful if you have

• Team player with a positive “can do” attitude, willingness to learn new concepts in a fast paced environment, be a self-starter, and accept responsibility to meet deadlines.
• Strong verbal and written communication skills.
• Aptitude for business processes and controls and an understanding of how IT supports and impacts business functions.
• Ability to develop and maintain relationships, but also challenge the business when necessary.
• Ability to independently evaluate controls over logical access, change management, infrastructure, network, cloud, applications and databases according to established timetables and requirements.
   

Required Qualifications/Experience

• BA/BS degree in Management Information Systems, Computer Science, or related field.
• 3 years of relevant experience SOX GITC/ITGC auditing, preferably Big 4 Public Accounting or similar.
• Security and Audit certifications (e.g., CIPP, CISSP, CISM, or CISA) are highly desirable.
• Working knowledge of relevant auditing tools (E.g. Auditboard, Workiva, etc.) is desirable.
• Proficient with Microsoft Office (Excel, Outlook, PowerPoint, Word) is required.
• Working knowledge of relevant data analytics tools such as ACL / IDEA; SQL or scripting knowledge a plus.
• Knowledge of multilayer and multi-technology networks, system, application, and database security, Information Security benchmarks (NIST, CIS, ISACA), privacy laws, Information Security risks and trends.
• Experience with infrastructure technologies diverse operating systems (e.g., Virtualization, z/OS, z/VSE, UNIX/Linux and Windows platforms), Cloud security architecture, Network security devices (e.g.,firewalls, intrusion detection and prevention systems, proxies, network taps), and relational databases (e.g., Oracle, Microsoft SQL, AS400, DB2, IBM Mainframe).
• Understanding of Information Security industry auditing tools (e.g., Nessus, IBM AppScan, CIS Benchmarking Tool, Rapid 7, Symantec Control Compliance Suite CCS).
• Understanding of PCI, ISO/IEC 27000 series, ITIL and COBIT standards, European data protection (e.g., GDPR), IT infrastructure and processes, IT governance, project management, principles of internal controls.