Senior IT Internal Auditor

The Area:

Morningstar is a leading global provider of independent investment insights.  Our core competencies are data, research, and design, and we employ each of these to create products that clearly convey complex investment information. Our mission is to empower investor success and everything we do at Morningstar is in the service of the investor.

Reporting to the Audit Committee of the Board of Directors, the purpose of the Global Audit and Assurance (GAA) function is to strengthen Morningstar’s ability to create, protect, and sustain value by providing the Company with organizationally independent, risk-based, and objective assurance and consulting services to evaluate and improve Morningstar’s governance, risk management, and control processes.

The Role:
Morningstar’s GAA function seeks a highly motivated Senior IT Internal Auditor who thrives on new experiences and challenges. As a Senior IT Internal Auditor, you will play an integral role in evaluating the company’s information technology and information security processes and effectiveness of internal controls. You will have the opportunity to work on a variety of information technology integrated reviews as well as evaluate the effectiveness of IT general controls over external financial reporting as part of the company’s Sarbanes-Oxley Section 404 compliance activities. Based in Mumbai, the Senior IT Internal Auditor may be required to travel to a number of domestic and international locations in support of our IT internal audit plan. You will work closely with all levels of management across the organization, recommending changes to strengthen controls for increased efficiencies and reduced risks. The Senior IT Internal Auditor will have the opportunity to utilize and reference world-class audit tools and audit methodologies in the performance of his or her duties.

Key responsibilities:

• Planning and execution of information technology and integrated audit reviews.
• Perform walkthroughs of complex information technology and information security processes and test the design and effectiveness of internal controls.
• Document work and prepare observations and recommendations for corrective action.
• Supervise audit staff and/or external consultants, review workpapers, and provide appropriate coaching and feedback.
• Effectively apply the COSO internal control framework, COBIT IT governance framework, NIST Cybersecurity framework and IIA International Professional Practices Framework.
• Assist audit management with the execution of continuous risk assessment and audit plan development.
• Serve as a consultant and business partner with management.
   

Requirements:

• Action-oriented, self-starter with strong verbal and written communication skills.
• Comfortable working both independently or in teams and working within a complex environment.
• Ability to diagnose problems, determine root causes, and recommend solutions to complex challenges.
• Strong understanding of information technology general computer controls, system development life cycle, and IT auditing techniques; including a broad knowledge of IT technologies, operating systems, databases, and application platforms.
• Knowledge of recognized IT audit and governance frameworks such as COBIT, ITIL, NIST, ISO, etc.
• Knowledge of General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
• Undergraduate degree in information technology, management information systems, or a related field.
• Minimum of 7 years of internal or external audit experience assessing information technology/security controls and/or internal controls over financial reporting.
• Proven ability in performing multiple projects and working with varying team members.
• Flexibility/ adaptability to work a non-standard schedule as needed to accommodate various time zones where some process owners are located.
• Willingness to travel to domestic and international offices.
• Experience in working for a Big 4 or Tier-Two public accounting firm is highly preferred.
• Experience performing data analytics and using data analysis or automated audit software is highly preferred.
• Professional accreditation (e.g., CIA, CISA, CPA) is highly preferred .

Morningstar is an equal opportunity employer.

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.