Senior IT Internal Auditor

Overview

Shift4 (NYSE: FOUR) is boldly redefining commerce by simplifying complex payments ecosystems across the world. As the leader in commerce-enabling technology, Shift4 powers billions of transactions annually for hundreds of thousands of businesses in virtually every industry. For more information, visit www.shift4.com.

POSITION SUMMARY

The Senior IT Internal Auditor will play a critical role in supporting the company’s global SOX 404 compliance program, with a specific focus on IT General Controls (ITGCs), automated application controls, and system interfaces that impact financial reporting.

This role will plan, execute, and report on IT SOX testing across critical systems (e.g., Oracle Fusion, NetSuite, Okta, Blackline, MuleSoft), assess the design and operating effectiveness of IT-dependent controls, and ensure full alignment with PCAOB, COSO, and IIA standards.

This is a hands-on audit execution role within a mature SOX environment requiring strong collaboration with IT leadership, business process owners, external auditors (PwC), and an interim third-party co-sourcing provider to maintain a sustainable, high-reliance control structure.

This is a hybrid role based in our Center Valley, PA office.

MAJOR TASKS, RESPONSIBILITIES, AND KEY ACCOUNTABILITIES

• Lead the planning and execution of IT SOX testing, including ITGCs (access management, change management, computer operations) and automated application controls supporting financial reporting.

• Collaborate with Internal Audit leadership in defining the annual SOX ITGC audit plan, ensuring alignment with enterprise risks and external audit reliance strategies.

• Evaluate the control design and operating across applications, databases, and infrastructure layers relevant to ICFR.

• Partner with external auditors (PwC) to coordinate testing activities, ensure timely evidence delivery, and support reliance on IT control testing.

• Perform system walkthroughs with IT owners to validate process flows, system configurations, and key dependencies related to SOX key controls.

• Test automated and IT-dependent controls, verifying report completeness and accuracy through system queries, metadata analysis, and data validation procedures.

• Assess remediation actions for control deficiencies, provide recommendations, and follow up on corrective measures to ensure effective control.

• Document audit work in compliance with IIA and PCAOB standards, ensuring completeness, accuracy, and clarity in workpapers.

• Support integrated audits by coordinating with business process auditors to assess the combined impact of IT and operational controls.

• Participate in IT risk assessments to evaluate emerging risks from system changes, new implementations, cybersecurity threats, and data integrity issues.

• Conduct or support special IT reviews, including system migrations, segregation of duties (SoD) analyses, and security configuration audits.

QUALIFICATIONS

Required:

• Bachelor’s degree in information systems, Computer Science, Accounting, or related field.

• 3–5 years of experience in IT audit, SOX compliance, or IT risk management within a public company or public accounting firm.

• Strong understanding of SOX 404 requirements, COSO 2013 framework, and PCAOB AS 2201 standards.

• Working knowledge of ITGC domains (access, change management, IT operations) and IT application control testing.

• Proficiency with key financial systems such as Oracle Fusion, NetSuite, BlackLine, Okta, and experience in testing system-generated reports for completeness and accuracy.

• Strong analytical, organizational, and communication skills; ability to work effectively with IT and business stakeholders.

Preferred:

• Professional certification(s): CISA, CIA, or CISSP (in progress or obtained).

• Experience with audit management software (e.g., AuditBoard, Workiva, SOXHUB) and data analytics tools (e.g., SQL, Power BI).

• Background in payment processing, fintech, or financial services industries.

• Experience auditing cloud-based environments and automated control frameworks (e.g., AWS, Azure).

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.