Senior IT Auditor, Amer Sports

Amer Sports is a dynamic, global sports company offering passionate achievement-oriented professionals the chance to succeed and flourish in an international environment. Our globally recognized brands include Salomon, Wilson, Atomic, Arc’teryx, and ENVE.  We are a company where ambitious, competent and motivated people can make their mark. All our team members are ready to strive for the best of the company and to win together. Just like our customers, we are dedicated to an active lifestyle and sports. 

We are seeking an IT Auditor to build upon our efforts to drive the effectiveness of IT and Business Process controls across North America.  This role will be responsible for assessing and conducting gap analyses to identify potential gaps and recommend specific actions to correct gaps and design enhancements for internal controls, such as segregation of duties, production change management, software management, cyber security, incident handling, identity access, and transmission integrity.

The IT Auditor will support Control Owners within the Business Units across the Amer Sports platform working closely with IT, Audit, Business functions, Privacy group, steering committees, and other key stakeholders to ensure strict compliance with global regulatory requirements, standards and policies (i.e. SOX, GDPR, etc.).  Specific duties may include:

• Perform targeted risk assessments and provide recommendations to Control Owners (both within IT and the business functions).
• Maintain the global repository of controls and related control design documentation.
• Participate in scoping activities for IT SOX applications, systems changes and business transformation projects.
• Contribute to the design and implementation of enhancements for internal controls such as segregation of duties, change management, access management, IT operations, workflow, and application configuration, etc.
• Facilitate with IT policy steering committee and senior management to develop IT policies, provide guidance, ensure consistency, and facilitate roll out and maintenance of corporate IT policies.
• Gain knowledge and understanding of SAP S/4, and other legacy systems for IT SOX controls.
• Drive continual improvement of the IT SOX governance program through the development of training, facilitation of SOX auditors and creation of support materials and processes for Control Owners.
• Review deficiencies identified during audit or internal assessments and collaborate with the IT Risk & Compliance team to develop and execute remediation plans.
• Act as a liaison to internal/external auditors, fulfilling audit requests and coordinating audit activities with IT stakeholders. Identify, communicate and coordinate efforts to resolve control exceptions.
• Identify, communicate and coordinate efforts to resolve control exceptions.
• Develop status reports and key metrics to support the IT Risk and Compliance function.
• Act as a subject matter expert for IT SOX, IT general controls, and needed audit evidence for Control Owners, IT GRC team, IT management and business process internal control team.
• Conduct quality reviews of control documentation to ensure that documentation will pass SOX audits. Perform risk assessments, determine root cause and recommend corrective action plans.
• Participate in weekly team meetings and internal initiatives to review outstanding issues and/or to discuss new trends or projects.
• Develop and deliver training workshops, sessions, materials, and presentations to assist process owners, employees, and management on IT SOX processes and controls.
• Contribute to various project efforts relating to SOX PMO, vendor management, external audit, information security, and enterprise risk management.
• Perform other duties and responsibilities, as assigned.

This role requires a bachelor’s degree in Information Systems, Computer Science, Business or related technical discipline (or equivalent work experience).  We are seeking a candidate with 7+ years of relevant work experience and a strong understanding of regulatory topics impacting SAP environments, including Sarbanes Oxley.  Qualified candidates will also demonstrate knowledge of leading practice IT control frameworks and audit methodologies.  Other qualifications include:

• Intermediate knowledge of evaluating internal controls, developing recommendations, and designing &implementing solutions
• Excellent time management, prioritization and multi-tasking skills; ability to balance immediate and long-term priorities
• Basic knowledge of project management principles (planning, organizing, and managing assessment process)
• Strong interpersonal skills with the ability to work effectively in a matrixed organization and collaborate with others that are geographically distributed across different time zones
• Excellent communication skills (verbal, written, and listening)
• Build and maintain positive working relationships with stakeholders, including application, process, and control owners along with management in support of IT Risk and Compliance processes and practices
• Strong analytical ability, judgment and problem analysis skills
• Able to work in a fast-paced environment, both independently and as part of a team
• Hands-on experience building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, and Access
• SAP functional knowledge a plus
• SAP GRC Access Controls and Process Controls experience a plus
• Background in SAP Security or Identity & Access Management a plus
• CISA certifications a plus

What We’ll Provide

We offer a great working environment in the sports industry with talented & passionate colleagues all over the world!  Benefit and perks include: 

• Medical, dental and vision
• 401k with company match
• Life insurance
• Pre-tax transit discounts
• Paid maternity/paternity leave
• Professional development opportunities
• Discounts on Amer Sports products
• Smart casual dress
• On-site health club
• Summer hours
• Hybrid work schedule

Amer Sports is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity, gender expression, protected veteran status, disability, or any other legally protected characteristics.