Senior IT Auditor

Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.

Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.

Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 155,000 people worldwide, including 4,000 in Marseilles where its head office is located.

THE ROLE

Reporting to the Group Head of IT Audit, the Senior IT Auditor is primarily responsible for independent 3rd Line of Defense (LOD) oversight of IT & Cybersecurity-related audit activities. These activities include coordinating, planning, executing, and reporting audit engagements. Typical assignments include:

• IT Organization and Governance
• Project Management & Software Development Lifecycle
• IT Operations, Support and Maintenance
• Cybersecurity & Privacy
• Business Continuity and Disaster Recovery Plans

The position has a global and strategic view of the Company’s IT and Cybersecurity practices and emerging risks as well as how these may impact the Company’s strategic initiatives and business process activities.

The Senior It Auditor/IT Internal Audit Manager takes a holistic view of the business processes to ensure that all aspects of IT and Security-related risks are included within Internal Audit Department’s audit universe and IT/Security risk-based assessment and audit plan.

This position works with 1st and 2nd LOD functions throughout the CMA CGM Group departments to ensure risks are adequately identified, controlled and issues are properly evaluated and remediated timely.

The Senior IT Auditor/IT Internal Audit Manager provides objective risk centric assurances with respect to the design and/or operating effectiveness of risk management practices, governance processes and the system of internal controls associated with IT and Security-related audit activities.

RESPONSIBILITIES

• Plans, executes, and reports on IT and Security-related audit projects that are new or complex. When necessary, identifies and analyzes risks, prioritizes and plans (including development of audit scope and risks, controls, and test work program) the audit work.
• Conducts audit interviews, observes operations, documents, and analyzes procedures and controls.
• Performs audit tests, prepares appropriate work papers, develops audit recommendations, and reviews them with appropriate management, and prepares audit deliverables.
• Supervises more junior IT auditors work and functionally Business auditors (when necessary).
• Collaborates with other Internal Audit personnel as well as reports and communicates results to key stakeholders.
• Provides overarching guidance and direction in the preparation, execution, and reporting of the IT and Cybersecurity risk-based audit plan.
• Utilizes and manages sourced third-party providers. Serves as the primary liaison to sourced IT and cybersecurity-related audit work by providing appropriate oversight on the quality and depth of work being performed by the third party.
• Communicates proactively with relevant 1st and 2nd LOD functions (including IT & Cybersecurity), Internal Audit’s team members and other key stakeholders.
• Participates in Internal Audit strategic planning activities to develop both short and long-term departmental initiatives.
• May assist in other day-to-day activities and/or projects, such as the audit schedule or preparing report deliverables for presentation to the Senior Management/Audit committee.
• Ensures the overall quality, consistency, risk management and adherence to IA policies and procedures, IIA Standards and regulatory requirements.

Transversal Responsibilities:

• Supports the Internal Audit Department in evaluating and recommending improvements to business practices, processes and control procedures.
• Assists in the acquisition and maintenance of audit tools (e.g., TeamMate+).
• Maintains a current understanding of the Company’s strategic initiatives, policies and procedures (including operating systems, networks and application processing environments and information security issues), as well as industry “best-practices” and emerging trends.
• Sustains professional and technical knowledge with the idea of expanding this knowledge, personal growth and development through continuing professional education efforts. The increased knowledge may occur through attendance at external trainings, seminars, webinars, conferences, as well as reviewing professional publications, establishing personal networks and participating in professional organizations.
• Acts as a role model for the Company’s values and demonstrate the highest ethical standards.
• Performs other duties as assigned by the line of Management.

PROFILE AND QUALIFICATIONS

• Master required in Computer Science or Information Technology
• 8+ years of internal and/or external audit, information technology, cybersecurity, regulatory and/or risk management experience.
• Certified Information Systems Auditor - CISA or equivalent required.
• Advanced knowledge of IT general controls, Information Security, Cyber Security, Application and Network Security, Data Governance, End-User Computing, Project Management, Third Party Management, Business Continuity and Disaster Recovery as well as IT infrastructure including databases, networks, and operating systems.
• Comprehensive knowledge and experience in developing IT and IS risk-based audit work programs and performing risk-based auditing with strong project management skills (PMP certification an advantage).
• Demonstrated knowledge of internal controls frameworks (i.e., SOX, COSO, COBIT, NIST CSF, ITIL, etc.) and identification of emerging IT and IS related risks (i.e., Cloud Computing, Data Analytics, etc.) for a large multinational.
• Strong verbal and written communication skills with a demonstrated ability to articulate effectively and professionally with all levels of management and Internal Audit personnel.
• Excellent analytical, critical thinking and problem-solving skills. Must be a team player. Ability to multi-task and prioritize.
• Innovative and forward-looking thinker with high standards for excellence and integrity.
• Ability to work independently, with limited required direction and guidance, and provide appropriate direction to other Internal Audit team members.
• Willingness to travel 30-40% of the time

Please ensure you are familiar with the CMA CGM Corporate Internal Mobility guidelines