Manager - Technology Risk Audit

At DICK’S Sporting Goods, we believe in how positively sports can change lives. On our team, everyone plays a critical role in creating confidence and excitement by personally equipping all athletes to achieve their dreams.  We are committed to creating an inclusive and diverse workforce, reflecting the communities we serve.

If you are ready to make a difference as part of the world’s greatest sports team, apply to join our team today!

OVERVIEW:

As Dick’s Sporting Goods continues to grow and invest in its technology ecosystem, we’re expanding our Internal Audit team with several new Technology Internal Audit roles. These positions are part of our ongoing focus on strengthening our partnership with Technology to provide assurance and insights as they build for what’s next.

The Manager - Technology Risk Audit will be responsible for providing assurance and guidance to the Company related to technology risks. This position will report directly to the Sr. Director – IA Strategy & Transformation and be responsible for engaging with Technology in new system implementations, assurance audits, and special projects as requested by Management. This will include ongoing risk assessment and planning and executing the Audit Plan that is designed to address the significant technology risks and to evaluate and test the internal control structure and operational processes. Additionally, this position is responsible for supervising, coaching, and developing Technology Risk Auditors.

Role Responsibilities:

Technology and Integrated Audits

• Manage technology and integrated audits, including audits over infrastructure, cloud environments, and applications

• Establish and maintain appropriate professional relationships with Company personnel and external auditors/consultants.

• Review risk assessments and process flows completed by Technology Risk Auditors to ensure appropriate coverage of risks and scoping.

• Create audit communication plan including internal status updates and updates to auditees.

• Review work programs and test procedures drafted by Technology Audit team for coverage and design of testing procedures to meet audit objectives

• Oversee audit team's fieldwork, including reviews of teammates' work papers

• Perform and/or review the evaluation of audit procedures/results prior to Sr. Director review to:

  • Ensure completeness and effectiveness of audit results are in line with agreed upon audit scope.

  • Assess the adequacy and efficiency of operating policies and procedures.

  • Recommend alternative policies, procedures, or efficiencies.

• Draft audit reports that consider root causes, impact/exposure, and both near and long-term recommendations/solutions for the auditee and Executive Management.  Tailors and summarizes deliverables based upon audience for the appropriate level of detail.

Sarbanes-Oxley (SOX) and Internal Control Testing

• Interact with all levels of the organization to gain an understanding of the technology processes and internal controls.

• Review the documentation risks and controls and execute tests to evaluate the controls and review testing performed by Technology Risk Auditors.

• Draft and review audit issues to report to senior management and the external auditors.

Consulting / Special Projects / Technology Audit Governance

• Assist and identify potential areas of assistance to technology in the development and/or implementation of process efficiencies, control improvements and best practices.

• Assist with special assignments by developing project plans to measure and monitor completion against initially planned timelines.

• Create detailed audit programs to achieve project objectives for short notice special projects at the request of Senior Management

• Draw upon established strategic working relationships and Company knowledge to complete consulting/special projects in a quick time frame

On-Site Store and Distribution Center Audits

• Perform on-site physical inventory observations and other audit procedures at various stores

• Assist financial/operational audit team in performing Distribution Center audits

• Communicate audit findings and recommendations for improvement to Management via audit reports and closing meetings

System Implementations

• Audit system implementations at various phases, including for iterative deployments, pre go-live, and post go-live, depending on the nature of the implementation.

• Tailor audit procedures to accommodate differing implementation and development methodologies, including waterfall and agile development, to evaluate development, project management, integration, data conversion/validation, and testing controls, as applicable.

• Review the existing business and system process documentation and the proposed new system and process for design effectiveness, risk assessment and management, control implications, etc.

• Develop and review test plans for the implementation which would include pre-conversion and post implementation testing.

• Review technology and business user testing and documentation for adequacy and completeness.

• Recommend alternative policies, procedures, or efficiencies.

• Drafts and reviews audit reports to communicates to auditees' leadership teams (Director+ levels).

QUALIFICATIONS:

• Bachelor's Degree in Information Systems and Technology, Data Science, or Cybersecurity Studies

• 5-7 total years experience, including 3+ total public accounting and/or internal audit years of experience ; Previous experience within the retail or tech industry

•  Required certifications – CISA

• One of the following preferred certifications – CIA, CISSP,  CIPP/US, CIPT, CIPM,  CISM, CRISC, CDPSE, CGEIT certification(s) or similar certificate

• SOX and knowledge of general technology controls and able to audit unfamiliar areas with ease

• Strong competency and audit knowledge of at least three skillsets of the following: Infrastructure, Cloud, Cybersecurity, Privacy, System implementations, Application audits, including identification and testing of application controls and key interfaces/integrations, Data analytics, Performing special projects at the request of Management

• Excellent relationship-building skills with a strong client-service focus

• Proven ability to adapt to change, including adapting the Internal Audit plan and resource allocations to adjust based upon business need

• Ability to perform root cause analysis and understand risk exposure

• Travel – 10% ​

#LI-JD1

VIRTUAL REQUIREMENTS:

At DICK’S, we thrive on innovation and authenticity. That said, to protect the integrity and security of our hiring process, we ask that candidates do not use AI tools (like ChatGPT or others) during interviews or assessments.

To ensure a smooth and secure experience, please note the following:

• Cameras must be on during all virtual interviews.

• AI tools are not permitted to be used by the candidate during any part of the interview process.

• Offers are contingent upon a satisfactory background check which may include ID verification.

If you have any questions or need accommodations, we’re here to help. Thanks for helping us keep the process fair and secure for everyone!