IT Audit Senior Manager

Finance Malvern, Pennsylvania


Job Summary - a concise overview of the job

The IT Audit Senior Manager leads information technology (IT) audits, assessing the adequacy and effectiveness of controls over critical information systems throughout the Company.  The Senior Manager, IT Audit will assess the effectiveness and efficiency of operations, reliability of financial reporting, appropriateness of risk management activities, cyber-resilience, and compliance with applicable laws and regulations. This person will be accountable for contributing to the direction and management of the operations, focus/priorities, and resources of the internal audit function to promote continuous improvement and development while providing assurance over the Company’s most significant IT risks.  The Senior Manager, IT Audit will identify and clearly define audit issues, root causes, recommend improved controls and processes, and ensure that corrective action plans are developed and implemented.

All incumbents are responsible for following applicable Division & Company policies and procedures.

Scope of Authority - span of control (work unit, site, department, division, etc.), monetary value of budget/spend authority ( capital, operating, etc.), P&L responsibility, etc.

Enterprise Wide – IT Focus


Key Accountabilities - key outcomes/deliverables, the major responsibilities, and % of time



% of Time


·        Identification, prioritization, and assessment of IT risks.  Responsible for the IT annual audit plan (risk assessment, audit planning, audit execution, report writing, issue tracking, etc).

·        Utilize the COBIT and NIST frameworks to identify, prioritize, and assess IT risks.   Maintain an ongoing risk assessment that feeds into audit planning and execution.

·        Develop, perform, and complete IT audits and business process review engagements.  Present findings and recommend action plans to Management. 

·        Develop and execute the annual testing approach to validate Management’s internal control assessment process undertaken in accordance with Section 404 of the Sarbanes-Oxley Act. This includes managing internal and external resources, coordinating with external auditors, and being responsible for issue documentation and escalation.  Responsible for performing or overseeing testing of SOX relevant automated controls and IT General Controls (ITGC’s).

·        Provide IT thought leadership in IT process optimization.

·        Develop and execute IA department continuous improvement efforts, networking with other IT audit professionals outside of Endo on best practices, and recommend/develop/implement change efforts in the department.


·        Communicate IT audit results and issues to executive management, external auditors, and the Chief Audit Executive through written reports and discussions.






Education & Experience

Minimal acceptable level of education, work experience and  certifications required for the job

§  Bachelor’s Degree in business; IT concentration highly desirable.

§  Minimum of 8 years of experience with a minimum of 5 years performing IT audits for a public accounting/consulting firm or a well-regarded internal audit organization.

§  Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) is a plus.

§  Experience interacting with and presenting to senior executives.

§  Experience planning, designing, and executing audits and Sarbanes-Oxley related procedures.

§  Experience auditing cyber-security risk areas.

§  Experience with SAP.


Proficiency in a body of information required for the job   

e.g. knowledge of FDA regulations, GMP/GLP/GCP, Lean Manufacturing, Six-Sigma, etc.

§  Extensive knowledge and experience in information systems, especially those related to financial reporting.

§  Sarbanes Oxley (SOX) Compliance proficiency (Internal Controls/COSO 13).

§  Strong technical knowledge of internal controls, business processes, NIST, and COBIT frameworks.

§  Access control software, network security architecture and administration.

§  IT Security policies and standards.

§  Cyber-security risk management concepts, frameworks, programs, and practices.

§  Knowledge and familiarity with data analytics procedures is a plus.




Often referred to as “competencies”, leadership attributes, skills, abilities or behaviors that may be enterprise, functional or job specific       e.g. coaching, negotiation, calibration, technical writing etc.

§  High level of ethics and integrity, with ability to be objective and independent.

§  Self-motivated, critical thinker, with proven track record of strong leadership and managerial skills.

§  Strong IT auditing expertise. Experience in developing audit procedures and executing/leading to address identified risks, and providing deliverables within the expected timeframe.

§  Desire and ability to roll up sleeves and both lead and execute

§  Effectively work with business management to plan, coordinate, and execute audit projects.

§  Highly developed and effective interpersonal skills for dealing with potentially sensitive and controversial issues; must have an ability to communicate, coordinate, and influence members of management at all levels.

§  Ability to build effective relationships with senior management, outside advisors, and internal stakeholders (including other compliance or risk groups).

§  A collaborative, team oriented leadership style.

§  Ability to synthesize detailed information into concise executive-level reports and analyses.  The reports should identify significant and meaningful observations and recommending opportunities to enhance business results and internal controls.

§  Proficient with Enterprise Resource Planning Systems (ERP), especially SAP

§  Strong technology abilities including experience with Microsoft Excel and database applications.



Physical Requirements

Physical & mental requirements     e.g. lift 40 pounds, walk across plant/warehouse, business travel (% of time), driving as part of work responsibilities, etc.

§  Up to 5% travel.