Senior IT Auditor

Job Location: Hershey, PA , Hybrid, Open to remoteCOVID-19 Vaccine Safety MandateThis position requires that you must be fully vaccinated for COVID-19 (even if working remotely) and present proof of vaccination before beginning employment. If you receive an offer of employment, you will be asked as part of the background check process to upload a copy of your vaccination card. If you believe you require an accommodation for medical or religious reasons related to the vaccine safety mandate, you may submit a request after you receive an offer of employment. Instructions on how to do so will be provided in your offer letter.Responsibilities:Perform Real-Time Systems Implementation Readiness AssessmentsEffectively perform assigned procedures to evaluate go-live readiness for each key module of Hershey''s ERP implementation (and subsequent Tier 1/2/3 systems implementations) leveraging working knowledge of SAP solutions and industry-recognized Project Management Body of Knowledge (PMBOK) and Systems Development Life Cycle (SDLC) standards.Effectively communicate with Hershey IT and Business personnel to articulate the objectives of audit assessments, obtain required process understandings/documentation, align on identified risks/impact, and positively influence risk remediation via proposed recommendations.Update Internal Audit project plans to reflect progress with respect to completion of assigned tasks, resource/timing constraints, and interdependencies to enable delivery of readiness assessments included within the Audit Plan.Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.Summarize the results of assigned go-live readiness assessment procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership utilized to inform go-live decisions.Support SOX 404 Compliance Facilitate compliance throughout assigned key business units and functions with standards of internal control over financial reporting promulgated by the Sarbanes-Oxley Act of 2002 through effectively executing assigned SOX 404 tests of controls.Evaluate and identify opportunities to automate attribute/substantive/controls testing capabilities to achieve increased audit coverage and efficiency.Execute quarter and annual management assistance and External Audit support requests and testing requirements.Provide technical support to end users of the SOX 404 Application (Workiva).Perform Vulnerability, Infrastructure & Application Security AuditsParticipate in Internal Audit''s IT risk assessment to identify high-risk cybersecurity and internal infrastructure/application vulnerabilities which should be incorporated in Audit''s Annual Audit Plan leveraging basic working knowledge of industry-recognized NIST, COBIT, or COSO frameworks and awareness of emerging global IT risk trends. Effectively execute assigned procedures to perform external vulnerability and internal infrastructure/application security assurance reviews leveraging IT audit experience and technical knowledge gained via CISA and/or CRISC certifications.Document results of audit procedures in the form of audit working papers which comply with IIA standards.Update Internal Audit project plans to reflect progress with respect to completion of assigned tasks, resource/timing constraints, and interdependencies to ensure delivery of Audits in the Annual Plan.Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.Summarize the results of assigned audit procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership.Provide Integrated IT Support for Financial & Operational AssuranceEffectively execute assigned audit procedures to evaluate and conclude upon the design and operating effectiveness of operating system/database security, user security, segregation of duties, interface security/error monitoring, systems change management, completeness/accuracy of data transmission, and IT risk posture of 3rd party service providers. Document results of audit procedures in the form of audit working papers which comply with IIA standards.Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.Summarize the results of assigned audit procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership.Assist Audit Managers and Directors with performing value added data analytics utilizing Tableau and configuring continuous monitoring rules leveraging SAP GRC Process Control as requested.Minimum Education and Experience Requirements: Bachelor''s degree in Information Security, Management Information Systems, of Other Related IT field requiredProficient working knowledge and experience leveraging NIST, COBIT, COSO, PMBOK standards requiredRelevant audit and project management certifications strongly encouraged (CISA, CRISC, PMP)3-5 years of experience evaluating significant systems implementations, leading IT risk assessments/assurance servicesSAP experience requiredSAP GRC Process Control experience preferredLI-JE1The Hershey Company is an Equal Opportunity Employer. The policy of The Hershey Company is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual''s race, color, gender, age, national origin, religion, citizenship status, marital status, sexual orientation, gender identity, transgender status, physical or mental disability, protected veteran status, genetic information, pregnancy, or any other categories protected by applicable federal, state or local laws.The Hershey Company is an Equal Opportunity Employer - Minority/Female/Disabled/Protected VeteransIf you require a reasonable accommodation as part of the application process, please contact the HR Service Center [Click Here to Email Your Resumé]).

Created: 2025-11-15