IT Controls Senior Analyst
Grainger is a broad line, business-to-business distributor of maintenance, repair and operating (MRO) supplies and other related products and services. More than 3.2 million businesses and institutions worldwide rely on Grainger for products such as safety gloves, ladders, motors and janitorial supplies, along with services like inventory management and technical support. These customers represent a broad collection of industries including commercial, government, healthcare and manufacturing. They place orders online, on mobile devices, through sales representatives, over the phone and at local branches. Approximately 5,000 suppliers provide Grainger with more than 1.6 million products stocked in Grainger’s distribution centers and branches worldwide.
As part of Grainger’s Global Internal Controls Team (Corporate Controllership), the IT Controls Senior Analyst will primarily be responsible for helping build awareness and reinforce the importance of a strong internal controls environment by partnering with the Company’s IT department to support and manage IT internal control assessments, provide recommendations and guidance to IT control owners/business partners, and coordinate internal and external IT audit activities for the Company’s annual SOX 404 compliance activities (IT general and application controls).
Principal Duties & Responsibilities
The IT Controls Senior Analyst will work within the general guidelines provided by the Director, Global Internal Controls and the Manager, IT Global Internal Controls in connection with Grainger’s SOX 404 process. The role’s key duties and responsibilities are as follows:
- Coordinate and facilitate IT control walkthroughs and other end-to-end IT SOX compliance activities with internal & external auditors and IT control owners/stakeholders (walkthroughs, testing, follow-up on open items, remediation efforts, documentation updates, etc.), utilizing sound judgment to identify and assess risk, strategic risk coverage, materiality, adequacy of audit evidence, and the significance of findings.
- Assist in effective management of internal and external audit efforts and partnership, drive for timely submission of critical audit deliverables, and support of Audit Committee reporting.
- Assist the Global Internal Controls team in the overall SOX governance program through:
  - Assistance in creation of the annual SOX 404 risk assessment.
  - Assistance in identification and documentation of SOX in-scope key systems.
  - Improving, identifying gaps, remediating gaps, designing, and documenting new/modified IT general controls (ITGCs) and IT application controls through performance of ITGC and risk assessment projects.
  - Strategically and cost-effectively driving coverage of IT risk associated with financial reporting data and process flows.
  - Assisting in preparation and maintenance of IT SOX process documentation (process narratives, flow charts, risk/control matrices, etc.) with IT business partners in accordance with the highest standard.
  - Developing and maintaining effective working relationships with IT business partners and SOX stakeholders to achieve their internal controls and remediation plans.
- Assist with the development and presentation of internal controls and SOX training programs.
- Maintain professional certifications and related educational requirements, and stay abreast of changes to and best practices in SOX compliance and internal controls overall.
Preferred Education & Experience
- Bachelor's Degree in accounting, management information systems, computer sciences, or equivalent combination of education, audit training, and years of experience is required.
- Certification in IT compliance standards (e.g., CISA, CISSP, CISM) is required.
- Other relevant professional certification such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA) or Certified Fraud Examiner (CFE) is a plus.
- Master’s degree in relevant IT or business area is a plus.
- Two years or more in related work experience: public accounting firm and/or consulting experience in IT internal/external audit, IT internal controls team settings.
- Experience with large publicly-traded, international companies subject to SOX requirements is required.
- Theoretical knowledge and practical application of major risk and IT control frameworks and IT industry standards (e.g., COSO 2013, COBIT, ISO, CMM, ITIL, PCI, NIST, SSAE 18 SOC, etc.) is required.
- Advanced knowledge and experience in identification, auditing, design, and operating effectiveness of IT general controls and application controls is required.
- Robust project management skills; proven ability to manage multiple projects, work effectively with cross-functional partners and drive process improvement initiatives across the organization is required.
- Intermediate to advanced skills in MS Office products (Excel, Word, PowerPoint, Visio, at a minimum) are required.
- Working knowledge of major business cycles/process flows/controls in SAP modules (or equivalent ERP system) is a distinct plus.
- Audit knowledge and experience with various operating system and database platforms (e.g. Windows, Unix, Oracle, Exadata, etc.) is a distinct plus.
- Experience with robust risk-based governance models or GRC tools is a plus.
- Experience in industries analogous to Grainger’s is a plus.
Required Skills and Abilities
- Polished communication skills including:
  - Ability to interact with, and influence without authority, employees and leaders across different business areas.
  - Ability to translate compliance and IT technical requirements into relevant and understandable terms for IT and business personnel and vice versa for IT personnel.
  - Strong presentation skills, both written and verbal, to management.
- Strong organizational change management, planning and project management skills. Proven ability in driving multifaceted, cross-functional projects that require influence without authority.
- Ability to work independently and comfortable adapting to frequently shifting priorities as decisions are made daily to support and strengthen the control environment.
- Excellent understanding of internal controls and ability to apply risk & controls knowledge & theory to a variety of scenarios.
- Strong business acumen, critical thinking, problem-solving and analytical skills, attention to detail, and a self-starter mindset.
- Ability to leverage business systems (SAP, BW, etc.) and tools (Excel, Word, PowerPoint, etc.) to support business execution and measurement of results.
- Ability to work under strict deadlines with minimal supervision.