Epicor
SaaS
IT Audit Principal
Neural analysis suggests this role is optimal for Senior candidates.
“IT Audit Principal at Epicor. Skills: ITGCs, SOX requirements, cybersecurity controls, risk assessments, control design, SDLC, cloud environments. Lead the evaluation and ongoing monitoring of ITGCs to ensure adequate design, operating effectiveness, efficiency, and compliance with SOX requirements and regulatory expectations. Assess cybersecurity controls that intersect with ITGC domains, including identity and access management, privileged access, logging/monitoring, vulnerability management,”
Industry & Context.
analytical, problem-solving, and risk assessment skills.
What They're Looking For.
Must Have
- 8+ years of progressive experience in IT audit, IT compliance, SOX, and/or cybersecurity risk management
- Bachelor’s degree in Information Systems, Cybersecurity, Accounting, Finance, or related field
Nice to Have
- Big 4 is a plus
- Specialized experience in the Software industry
- Relevant certifications such as CISA, CISSP, CISM, CRISC, CIA, or CPA (or equivalent)
What You'll Do.
- Lead the evaluation and ongoing monitoring of ITGCs to ensure adequate design, operating effectiveness, efficiency, and compliance with SOX requirements and regulatory expectations.
- Assess cybersecurity controls that intersect with ITGC domains, including identity and access management, privileged access, logging/monitoring, vulnerability management, and incident response.
- Drive evaluation of broader cybersecurity programs (e.g., NIST, ISO 27001) as dictated by our audit plan and underlying business objectives.
- Provide thought leadership and partnered advisory in the planning, scoping, and execution of IT SOX testing activities, including risk assessments and control rationalization.
- Evaluate System Development Life Cycle (SDLC) controls to ensure secure system implementation practices, including secure coding, change management, and vulnerability remediation.
- Partner with cybersecurity teams to assess risks related to cloud environments, infrastructure, and applications, ensuring appropriate controls are designed and operating effectively.
- Act as a liaison to external auditors for ITGC and cybersecurity-related audits, ensuring alignment and timely communication of findings.
- Lead root cause analysis and provide recommendations for control deficiencies, including those related to cybersecurity incidents and/or control gaps.
- Provide independent and objective advisory to IT and business stakeholders on control design, risk mitigation, and cybersecurity best practices.
- Develop, review, and maintain IT control documentation, including process flows, narratives, and control matrices, ensuring alignment with both SOX and cybersecurity requirements.
- Oversee and enhance the quarterly SOX certification process, incorporating cybersecurity risk considerations where applicable.
- Monitor emerging cybersecurity threats, regulatory changes, and industry trends, and assess their impact on the organization’s control environment.
- Enable continuous improvement initiatives across IT Audit and cybersecurity programs, including automation and deployment of new technologies.
- Support executive leadership with special project advisory that inform strategic initiatives, and special transformational projects as needed.
- Build and leverage AI solutions and workflows to enable capacity or unlock capability for an Internal Audit function.
How You'll Work.
Team & Collaboration
- Partner with cybersecurity teams to assess risks related to cloud environments, infrastructure, and applications, ensuring appropriate controls are designed and operating effectively.
- Act as a liaison to external auditors for ITGC and cybersecurity-related audits, ensuring alignment and timely communication of findings.
- Provide independent and objective advisory to IT and business stakeholders on control design, risk mitigation, and cybersecurity best practices.
- Collaborate with a diverse team in an inclusive, global workplace that fosters innovation and celebrates partnership.
Communication Scope
Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organization.
Process & Methodology
Ability to manage multiple priorities, execute complex tasks, and operate both strategically and tactically.
Full Job Description
**What you'll be doing**

- Lead the evaluation and ongoing monitoring of ITGCs to ensure adequate design, operating effectiveness, efficiency, and compliance with SOX requirements and regulatory expectations.
- Assess cybersecurity controls that intersect with ITGC domains, including identity and access management, privileged access, logging/monitoring, vulnerability management, and incident response.
- Drive evaluation of broader cybersecurity programs (e.g., NIST, ISO 27001) as dictated by our audit plan and underlying business objectives.
- Provide thought leadership and partnered advisory in the planning, scoping, and execution of IT SOX testing activities, including risk assessments and control rationalization.
- Evaluate System Development Life Cycle (SDLC) controls to ensure secure system implementation practices, including secure coding, change management, and vulnerability remediation.
- Partner with cybersecurity teams to assess risks related to cloud environments, infrastructure, and applications, ensuring appropriate controls are designed and operating effectively.
- Act as a liaison to external auditors for ITGC and cybersecurity-related audits, ensuring alignment and timely communication of findings.
- Lead root cause analysis and provide recommendations for control deficiencies, including those related to cybersecurity incidents and/or control gaps.
- Provide independent and objective advisory to IT and business stakeholders on control design, risk mitigation, and cybersecurity best practices.
- Develop, review, and maintain IT control documentation, including process flows, narratives, and control matrices, ensuring alignment with both SOX and cybersecurity requirements.
- Oversee and enhance the quarterly SOX certification process, incorporating cybersecurity risk considerations where applicable.
- Monitor emerging cybersecurity threats, regulatory changes, and industry trends, and assess their impact on the organization’s control environment.
- En
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.