Advisor, Internal Audit, IT

Summary

Celestica is the brand behind the brands you love in cutting-edge technology solutions, partnering with some of the world’s largest companies across diverse sectors like tech, enterprise, communications, automotive, aerospace & defense, HealthTech, industrial & smart energy, capital equipment, consumer, and robotics. Within this high-tech global landscape, our leadership relies on Internal Audit to objectively evaluate risk management controls and provide value-added recommendations that maintain our world-class standards. As an Internal Audit Advisor, you apply in-depth knowledge in IT systems to perform internal reviews and ensure the adequacy and reliability of internal controls. You act as a key advisor to internal clients, to deliver on team goals, influence management on significant technology issues, and resolve conflicts with tact and diplomacy across our global operations in the Americas, Europe, and Asia.

Responsibilities

• Strategic IT Audit Leadership: Lead and conduct comprehensive IT audits and reviews of systems, applications, and IT processes. You are responsible for complex audits involving new acquisitions and the implementation of emerging technology audits with no prior history or background. 
• Security & Infrastructure Oversight: Conduct IT security audits across applications (ERP/SAP, Shop-floor, Quality systems), networks, operating systems, and databases. You evaluate security vulnerabilities and coordinate audit scopes with business units and external security experts.
• Risk Management Advisory: Provide IT management with expert guidance on IT risk management, specifically regarding application and infrastructure security. You design risk and control matrices based on in-depth evaluations of underlying business risks.
• SOX & Compliance Testing: Perform and review SOX effectiveness testing of IT key controls. You oversee the testing of IT General Controls (ITGC), application controls, and key reports identified during the walkthrough process.
• Systems Implementation Reviews: Lead pre- and post-implementation reviews of major system enhancements or new global deployments to ensure control integrity from the design phase through to go-live.
• Stakeholder & Relationship Management: Interface with senior managers on issues related to your area of IT expertise. You coordinate with management to formulate action plans and lead follow-up activities to verify the resolution of identified deficiencies.
• Annual Audit Planning: Participate in the formulation of the annual audit plan, defining the scope, purpose, and objectives of IT-specific audits. You act as a liaison to outsourced internal auditors, Celestica’s external auditors and provide IT support to operational auditors.
• Liaison & Influence: Interact with and influence management on significant IT and security issues, ensuring that cost-effective solutions are implemented to improve controls and enhance business operations.

Critical Skills

The ideal candidate for this role will have:

• Advanced IT Control Knowledge: Deep expertise in IT General Controls (ITGC) related to logical/physical security, change management, business continuity, and network layers.
• Technical Infrastructure Knowledge: Strong understanding of complex IT infrastructures, including cloud-based solutions (Google Cloud, Azure, and AWS platforms) and networking (firewalls, routers, active directory).
• Information Security Expertise: Expert knowledge of security standards (ISO-27000 series), frameworks (COBIT, NIST, COSO), and the current enterprise threat landscape as it relates to global manufacturing.
• ERP Proficiency: Strong experience auditing SAP or similar integrated business applications and their interfaces.
• Analytical Problem Solving: Ability to evaluate diverse factors and build business cases to provide high-impact recommendations to senior leadership.
• Communication & Diplomacy: Exceptional ability to communicate findings to "busy" auditees and management with tact, ensuring a collaborative approach to remediation.

Education

• Bachelor’s degree in Computer Science or Information Systems is required.
• CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control) or CISSP (Certified Information Systems Security Professional) designation is required.

Experience

• 6+ years of applicable experience in IT audit, information security, or IT risk management, preferably within a global manufacturing environment.
• Detailed knowledge and testing experience with IT general controls (“ITGCs”) across all layers of technology to include the application, operating system, and database
• Proven track record of managing or supporting IT audits and providing recommendations to senior leadership.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.