Senior IT SOX Auditor

Date: Apr 10, 2024

Location: LAKE FOREST, IL, US, 60045-5202

Company: Grainger Businesses

Work Location Type: Hybrid


Grainger is a leading broad line distributor with operations in North America, Japan and the United Kingdom. We achieve our purpose, We Keep the World Working®, by serving more than 4.5 million customers with a wide range of products that keep their operations running and their people safe. Grainger also delivers services and solutions, such as technical support and inventory management, to save customers time and money.

We're looking for passionate people who can move our company forward. We have a welcoming workplace where you can build a career for yourself while fulfilling our purpose to keep the world working. We embrace new ways of thinking and recognize everyone is an individual. Find your way with Grainger today.


Position Details

Reporting to the Manager of IT Global Internal Controls, the Senior IT SOX Auditor (known internally as Senior Information Technology Controls Analyst) will work within the general guidelines provided in connection with Grainger's SOX 404 process. As part of Grainger's Global Internal Controls and SOX (GICS) Team, you will independently evaluate the design and operating effectiveness of Grainger's internal controls over financial reporting (ICFR) as part of the enterprise SOX 404 assessment. Additionally, you will maintain working relationships with the control owners and external auditors. This position is hybrid in nature, requiring presence onsite at one of our Lake Forest or Chicago, IL offices 2 to 3 days per week.


You Will

  • Support the IT Global Internal Controls team with the SOX 404 risk assessment, identify important systems that are in scope for SOX 404 purposes and the related IT general and application controls, and update our SOX 404 internal controls framework accordingly.
  • Review process/controls documentation, perform walkthroughs of in-scope IT general and application controls, and assist process/control owners in the Grainger Technology Group (GTG) with the maintenance and preparation of clear, detailed and accurate process/controls documentation for IT general and application controls, including process narratives, flow charts and risk/control matrices.
  • Coordinate the timing of and conduct annual IT walkthroughs of controls, including coordination with external auditors, to identify and assess risk, materiality, adequacy of audit evidence, and significance of findings.
  • Help resolve issues identified by management and external auditors in their SOX 404 tests of operating effectiveness for IT general and application controls. Prepare and report control deficiencies upon discussion with business owners, collaborate with business owners regarding recommendations to address the cause of issues and report on the status of implementation of management remediation actions.
  • Maintain working relationships with SOX 404 partners in both Grainger's Information Technology and Finance departments and external auditors from Ernst & Young.
  • Help complete administrative activities and the preparation of status reports for the Audit Committee, CIO and others.
  • Help establish training programs as they relate to internal controls/SOX.
  • Keep up-to-date with changes in regulations, governance and best practices. Update testing procedures and templates to ensure any changes in regulations, governance, or best practices are reflected and incorporated into testing.
  • Be an end-to-end ICFR expert in managing multi-process programs for the Information Technology applications.
  • Help plan and complete financial, operational and compliance audits throughout the company during SOX slow times.


You Have

  • Bachelor's degree in Accounting, Finance, Business or related degree is required.
  • Professional certification such as Certified Public Accountant (CPA or country equivalent), Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or equivalent experience.
  • Internal or external audit experience within a large company, specifically US companies subject to SOX requirements, is required.
  • Theoretical and practical knowledge of processes, risks and internal controls and the application of audit practices (e.g., COSO, COBIT, GAAS) to these areas is required.
  • Experience with IT infrastructure management (e.g. networks, data center operations, service desk, server management) and IT security standards (e.g., access control, system hardening, system audit and log file monitoring, security policies) is required.
  • Experience with testing design and operating effectiveness of IT general and application controls is required.
  • Project management skills; experience working with multi-project management.
  • Big 4 public accounting experience is preferred.
  • Experience with SAP tools (e.g., SAP ECC, SAP EWM, SAP GRC).



Rewards and Benefits

With benefits starting day one, Grainger is committed to your safety, health and wellbeing. Our programs provide choice to meet our team members' individual needs. Check out some of the rewards available to you at Grainger.

  • Benefits starting on day one, including medical, dental, vision and life insurance
  • 6% 401(k) company contribution each pay period with no personal contribution required
  • Employee discounts, parental leave, tuition reimbursement, student loan refinancing, free access to financial counseling, education and more.




Grainger is an equal opportunity/affirmative action employer. We provide equal employment opportunities regardless of race, color, national origin, sex, sexual orientation, gender identity or expression, religion, age, disability status, veteran status, or any other protected characteristic. Our commitment to inclusivity includes offering reasonable accommodations during the hiring process. If you require an accommodation during interviews, please let us know and we will provide the appropriate assistance.