Job Description

General Responsibilities

OUR COMPANY

* Hertz Global Holdings is a Fortune 300 organization that operates the Hertz, Dollar, Thrifty and Firefly car rental brands.
* More than 10,300 corporate and licensee locations throughout 150 countries in North America, Europe, Latin America, Asia, Australia, Africa, the Middle East and New Zealand, Hertz is the largest worldwide airport general use car rental company with more than 1,600 airport locations in the U.S. and more than 1,300 airport locations internationally.
* Product and service initiatives such as Hertz Gold Plus Rewards, NeverLost, Carfirmations, Mobile Wi-Fi and unique vehicles offered through the Adrenaline, Dream, Family, Fun, Green and Prestige Collections set Hertz apart from the competition.
* Additionally, Hertz owns the vehicle leasing and fleet management leader Donlen Corporation and
* sells vehicles through its Rent2Buy program.

Purpose

As we transform our Internal Audit organization, we have an exciting leadership opportunity for a talented and experienced audit professional to join our team! The right candidate will be a proven results-oriented leader who thrives in a fast-paced environment that is driving high-profile technology-dependent initiatives (internal and customer-facing), changing business models, and improved efficacy and maturity in compliance and cyber-related focus areas. In addition, the candidate will be detail-oriented while understanding the big picture and have the skills necessary to influence people in a fast-changing company. The position, which reports to the SVP/CAE, provides operational/technical leadership and management to a team of individuals. This position will be part of an integrated team that expects collaboration, flexibility, resourcefulness and attention to detail.

The Global Audit Director - IT & Cyber will lead our global Internal Audit IT operations. This includes the team and organization, relationship building, planning, operations, reporting and communication, and IA modernization. Typical areas of focus will include system implementations, digital transformations, cyber program initiatives, data governance & privacy, BCP/DR, TPRM, IT asset management, and IT SOX compliance. Viable candidates will have hands-on experience:

* identifying and evaluating technology, cyber and compliance risks in new and existing systems,
* advising on and evaluating the design of governance & internal controls,
* developing a properly prioritized and agile risk-based plan to assess the effectiveness of program design, controls, and monitoring (including application of analytics and other tech solutions), and
* building and overseeing teams to efficiently execute the plan, drive results, and communicate effectively with key stakeholders, both through informal conversations and formal reports.

The Global Audit Director - IT & Cyber will be responsible for keeping the CAE informed of important technology, cyber and compliance audit activity and working collaboratively with the IA leadership team to proactively consider broader business implications and audit considerations. They will be responsible for drafting related presentation materials to be included in communication with the Audit Committee and executive management. This role also assists with enterprise risk assessments and audit planning, provides advice and counsel on new technology, initiatives, and services under development from a governance and internal controls perspective, is responsible for coordinating IT audit activities with the external auditors, and oversees IT general controls and security Sarbanes-Oxley (SOX) testing.

Responsibilities

* Lead global Internal Audit IT operations (team and organization, relationship building with IT leadership, planning, scoping, budgeting, operations, reporting and communication) and IA modernization initiatives (including analytics, intelligent automation, IA enablement tools, etc.)
* Develop an understanding of the industry and organization business processes, goals, and strategy in order to provide sound analysis and interpretation of IT risks and Technology challenges.
* Advise stakeholders on leading practices and adapt the IA plan accordingly (with proper risk-based considerations and broader IA leadership team collaboration), particularly regarding governance and controls regarding key risks to new system implementations, digital programs, cyber program management and related initiatives, SOX compliance optimization, etc.
* Provide in-depth technical guidance for IT audit practices, IT General Controls (ITGCs), and SOX to the global IT audit team.
* For non-IT led audits (e.g. operations, financial, etc.), proactively partner with those audit managers and director to assist in assessing areas of risk requiring IT audit procedures and support those teams in developing the right approach and with supporting resources and/or guidance as appropriate.
* Develop a properly prioritized and agile risk-based plan to assess the effectiveness of program design, controls, and monitoring (including application of analytics and other tech solutions), and ensure the scope, approach, methods, and procedures are sufficient and efficient to accomplish the audit purpose, focus, and objectives.
* Identify and evaluate technology, cyber and compliance risks in new and existing systems and oversee the execution of IT audit and advisory plan/program based on risk and impact to the business, across various applications, technologies and related business processes and monitor completion of planned actions.
* Support departmental transformation with pilots of new processes and audit responses.
* Build and oversee the right IT audit team to efficiently execute the plan, drive results, and communicate effectively with key stakeholders, both through informal conversations and formal reports.
* Lead SOX/ICFR Section 404 ITGC, SOC reports, and application testing, from risk assessment and planning through to final testing, aggregation of deficiencies and reporting. Also, support other SOX/ICFR testing, e.g. IPE and complex models and identify, evaluate, and monitor the remediation of control deficiencies.
* Assist Accounting with SOX scoping and risk assessment by collaborating with cross-functional teams and stay current on significant changes that may impact the design and/or operating effectiveness of controls.
* Coordinate Internal Audit's efforts with management (primarily Accounting, Finance, and IT as well as related third-parties) and the external auditor (nature, timing, approach, etc.), to optimize engagement economics and quality deliverables for the SOX/ICFR program throughout the year.
* Educate Business Process and Information Technology control owners by leading training sessions and focus sessions to demonstrate compliance requirements and share hot topics in SOX compliance.
* Lead special projects as directed by CAE.
* Act as a department liaison to various IT department, business functions, and committees as determined by CAE.

Essential Requirements

Qualifications

* 10+ years of experience in Big Four and/or IT internal audit department, preferably with large public company clients, or 15+ years of experience in IT operations, security, and implementations. Should show roles with increasing levels of responsibility, including successfully leading experienced and high-performing teams to execute complex projects in challenging environments.
* Bachelor's in MIS or Computer Information Technology or related field, or Business Administration with a systems related minor is required; Masters degree desirable.
* Certified Information Technology Auditor (CISA), CISSP, CISA CPA, and/or CIA certification is required.
* Proven IT/SOX/Compliance audit and advisory expertise, with ITGC and SOCR reliance (including SD remediation), required.
* Experience in the broader technology and cyber fields such as system implementations cyber/NIST, digital, BCP/DR, data management/privacy, GRC, TPRM, and technology asset management.
* Applied knowledge of key frameworks, including COSO Internal Controls, NIST, COBIT, and agile.
* Experience establishing a data analytics IA program and building the team's digital mindset.
* Strong technical ERP and financial systems knowledge, e.g. Oracle, Hyperion, and Blackline.
* Ability to think critically, make assessments, and develop conclusions.; strong analytical & solutioning skill
* Excellent relationship, teaming, speaking, presentation, communication, and report writing skills.
* Results driven; manage multiple priorities and meet deadlines.

Travel Requirements

* Willing to travel 15-25%

o Hertz is a Drug-Free Workplace. All employment is contingent on successful completion of drug and background screening.

o Hertz is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity or expression, marital status or domestic partnership status, disability, protected veteran status or military status, genetic information, or any other category protected under applicable law. Hertz is committed to taking affirmative steps to promote the employment and advancement of minorities, women, persons with disabilities and protected veterans.