Sr. GRC Analyst
Callaway Golf Company is a leader in total performance, premium golf equipment and active lifestyle products while also being a great place to work! We are passionate and push the limits of innovation. We dare to be great while acting with integrity and respect. We stay hungry, yet humble. All while having fun and making golf enjoyable for everyone!
Our company is a blend of experience and diverse backgrounds, and our leaders have a strong history of building and selling successful initiatives. We are working to build a truly groundbreaking company, and we want top-notch people to join us in that mission.
This role is responsible for leading and driving the compliance initiatives within the IT organization including: Sarbanes Oxley (SOX) 404 compliance (ITGCs, automated business controls/application controls, and reports) and PCI DSS compliance. This will support IT compliance initiatives across all Callaway Golf global brands: Callaway Golf, Topgolf, travisMathew, and Jack Wolfskin. This specific role will be focused on the evaluation information technology general controls that will drive consistency and efficiency in all areas of technology development, integrations, support, and maintenance.
ROLES AND RESPONSIBILITIES
• Perform testing over IT controls and PCI compliance initiatives in a matrixed operating environment. Partner with key application owners to identify gaps in their application relevant IT General Controls, automated business (application) controls, and PCI compliance.
• Provide guidance on alignment of what needs to be completed to ensure full compliance. Actively monitor and report on their progress.
• Serve as the main POC on all IT audits and PCI compliance recertification with 3rd party vendors/audit partners.
• Support Internal Audit and IT Compliance with annual IT audit scoping, controls rationalization, and risk assessments.
• Support and participate in testing, documentation, and review of IT controls in support of SOX 404 and Internal Audits in coordination with Internal Audit, IT Compliance, and 3rd party vendors/audit partners.
• Effectively document and communicate IT deficiencies and gaps to business and IT control owners. Develop realistic remediation recommendations and timelines. Track and report on remediation to Internal Audit, IT and business management. Partner with Internal Audit and IT Compliance to review compliance reports and certifications for 3rd party service providers. Reports include but not limited to SOC-1 (SSAE18) and SOC-2.
• Facilitate and lead working sessions with key application owners, project managers and IT peers to help education on IT general controls and compliance initiatives. This also many involve evaluating projects for potential impacts to ITGCs.
TECHNICAL COMPETENCIES (Knowledge, Skills & Abilities)
• Excellent attention to detail and organizational skills are needed produce quality deliverables and manage deadlines
• Strong analytical and problem solving ability. Must be able to collaborate with IT and business peers on breaking down complex problems into achievable solutions tailored for the business, either by process enhancements or through innovation technology.
• Ability to establish credibility with business and IT stakeholders and become a trusted partner
• Ability to self-define strategic objectives and develop project plan to deliver results within a rapidly growing organization
• Strong IT control competency, solid critical thinking skills and communication/influence skills are needed to drive this initiative
• Ability to analyze and document system processes
• Ability to travel domestically and internationally, approximately 10%
• Demonstrated skills in performing IT audits based on recognized internal control frameworks and governance including ITIL, COBIT, and COSO
• Knowledge and ability to audit a diverse IT environment with multiple operating systems and database platforms
• Demonstrated strong organizational and communication skills to provide tailored communication of status to stakeholders, management, and executives
EDUCATION AND EXPERIENCE
• Bachelor’s degree in management information systems (MIS), computer science, accounting, or other with work experience preferred
• Minimum 4 years’ experience in designing, documenting, implementing, and testing IT control processes in a public company environment as it relates to risks and controls for SOX 404
• Minimum 4 years understanding of core IT processes (e.g., Change Management, System Development Lifecycle, Information Security, IT Operations etc.)
• CISA, CISM, CIA or similar certification preferred
• SAP experience preferred
Callaway Golf is an Equal Opportunity Employer.