"Alerted.org

8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238

CarMax, the way your career should be!

About this job

Are you collaborative, self-motivated, and seek opportunities for innovation and continuous improvement? Do you listen with intent to understand problems and provide valuable business insights and impactful solutions? Do you enjoy a variety of work at a company that has a strong mission, purpose and values?

Great! Keep reading to learn more about joining our CarMax Audit Services team as Principal Technology Auditor.

This role will broadly support the CarMax Audit Services team through the development and execution of the department’s audit plan. This is a unique opportunity to build a strong understanding of CarMax’s technology and business processes as well as partner with teams throughout the organization in both an audit and advisory role. The variety of work provides ample opportunity to learn, grow, and mentor others and includes reviews of technology processes, applications, and infrastructure; system implementations; emerging risks in areas such as security, privacy, artificial intelligence; and other operational audits and reviews of processes, policies and procedures. The Principal Auditor in Technology serves as a subject matter expert (“SME”) on complex projects, supports the development of technical skills of other auditors, and provides advisory risk management support.

What you will do – Essential Responsibilities

As a Principal Technology Auditor, you’ll wear many hats such as thought leader, risk champion and advisor, project manager, coach, and brand ambassador. In all instances, you’ll leverage your broad experience with audit and consulting activities at a technology intensive organization to deliver results and partner with senior levels within the organization to enhance awareness and understanding of risk, controls, and risk mitigation best practices. Technical expertise and collaboration are key to achieve outcomes in this ever changing, fast-paced environment.

Here are a few of the ways you’ll drive value at CarMax:

**Provide assurance:** Execute and lead high-impact technology audits and reviews of various regulatory, operational and/or technological processes and controls, including integrated audits.

**Collaborate as a trusted Risk Advisor:** Consult with a risk-based mindset across the organization to provide clear, strategic insights, guidance, and assurance to senior leaders throughout pre-implementation reviews, company initiatives, and other process and system enhancements as requested by the business; ensure controls are implemented to mitigate risks (operational, regulatory, reputational, strategic, and financial risk)

For each of the above, you will:

+ Focus on areas of higher complexity, where deep experience and technical expertise is warranted, without close supervision or direction from CAS management.

+ Partner with technology and initiative teams to stay informed on new product pipelines and initiatives, evaluate risks, and provide guidance on controls.

+ Use and develop critical tools such as risk assessments, audit programs, and testing/review procedures so you can identify risk, tailor work appropriately, reach conclusions, and explore solutions.

+ Lead and execute fieldwork to prepare high-quality workpapers summarizing procedures performed.

+ Maintain strong business relationships and coordinate cross-functionality to align on risk, scope of work and results.

+ Promote innovative and forward-looking problem solving to target root cause; provide recommendations contributing to operational excellence.

+ Leverage your creativity to organize and present key project information through a variety of communication methods and tools, focusing on high-impact, high-value deliverables.

**Provide technical guidance and assistance:** Serve as a technical SME across the Audit Services department and provide highly technical expertise and guidance to Audit Services team members as it relates to specific technologies and audit techniques.

+ Help lead the research and analysis of emerging technology and technology/cyber/data-related regulatory standards. Partner with technology management and other business partners to assess the impact of the technologies, tools and changing regulations (as applicable) on Audit Services and CarMax.

+ Support the development and execution of training materials/content within the department and to external business partners, as needed to help implement the team’s strategic priorities.

+ Provide technical knowledge and direction in the assessment of risk and development of audit scoping for very complex projects.

You will also **f** **oster an environment of continuous improvement** by:

+ Championing a culture of risk awareness and internal controls. You will provide innovative and value-added insights to drive improved process efficiency and effectiveness for CarMax.

+ Staying abreast of key changes, trends, and best practices within CarMax, the audit profession, the technology industry, and relevant regulatory environment. Support the development of other CAS associates in emerging technology/risk areas to grow and mature the Audit Services team.

+ Take a lead role in department initiatives to identify efficiencies and improvements in work execution and internal processes.

What’s In It for You?

CarMax takes care of our associates so you can show up at your best, both inside and outside of work.

+ We offer many remarkable benefits and incentives ranging from a **_highly competitive compensation package_** (e.g., 401k + company match, bonus/stock, medical, tuition reimbursement) **_to several well-being offerings_** (e.g., flexible time away policy, on-site gym and cafeteria, various insurance offerings).

+ Further, one of CarMax’s core values is _Put People First_ . We understand you have priorities outside of the office, and when joining our Audit Services team, you can count on **_strong work/life balance._** There are also countless **_learning and growth opportunities_** that come from activities such as networking with a variety of teams across the business, engaging in a variety of projects, and participating in CarMax development programs.

+ Finally, we like to have **_fun_** , whether this be celebrating our internal team accomplishments, participating in the wealth of company activities (e.g., yoga, quarterly communications meetings, breakfast with leadership), or giving back to our communities through hands-on service.

Work Location and Arrangement: This role will be based out of the CarMax Home Office in Richmond, VA and have a Hybrid work arrangement. _Associates based in Richmond work_ _onsite_ _5 days per week._

Work Authorization:  Applicants must be currently authorized to work in the United States on a full-time basis. Sponsorship will not be considered for this specific role.

Qualifications and Requirements

_Who you are_

You are **genuinely inquisitive** . You want to understand key components of a process and you leverage the right questions and tools to absorb and analyze facts, identify problems, and recommend improvements.

You’re **technologically savvy.** You lean into technology, innovation, and data – seeking ways to incorporate automation and analytics to advance our audit techniques and make recommendations for the company to evolve their process.

You are a **teacher and a mentor** . You’re knowledgeable of leading technology innovations and emerging risks and regulations. You like to coach team members to adapt to the changing technology and risk environment.

You’re **organized and work independently** . You have a knack for **planning and execution** – from the initial identification of objectives to structuring a work plan for execution. This sets you up for success when managing multiple projects concurrently to meet deadlines and deliver on customer commitments.

You **communicate clearly and persuasively** – both in written and verbal scenarios up to the executive level. Not only does this help you effectively convey your message in various settings, but it also helps showcase your subject matter expertise and drive consensus in decision-making.

And if all of that was not enough, you also **model and encourage teamwork, inclusion, and diverse viewpoints** . These leadership traits allow you to motivate and persuade others (including associates in Audit Services and business partners across the organization), even without authority.

_Additional skills and experience you bring to the table:_

+ Bachelors degree, preferably in Computer Science, Accounting Information Systems, Accounting/Finance, or other related business field

+ 8+ years of information systems auditing experience or technology risk management/consulting experience, preferably at a large consulting firm or public company

+ Previous experience leading internal audit engagements, including project management capabilities

+ Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC)

+ Significant experience with the following areas, with limited to no oversight:

+ performing risk assessments, scoping activities, test planning, and walkthroughs in support of complex IT audit projects

+ assessing the design and operating effectiveness of technology controls, including testing complex ITGCs across a variety of technologies/systems and across all layers of technology to include the application, operating system, and database

+ SOX 404

+ evaluating processes to identify controls and the associated system dependencies; proven ability to clearly document and articulate such information to other stakeholders

+ performing system development and implementation reviews, including experience with Agile methodologies

+ testing business process automated controls, and testing completeness and accuracy of reports and system integrations

+ Experience working with complex technology systems and processes; proven experience summarizing complex information into easy-to-understand pieces

+ Working knowledge and experience with cybersecurity and privacy regulations; ability to summarize evolving regulations, industry trends, and risks and the impact to CarMax

+ Strong knowledge and demonstrated ability to apply control and technology frameworks and methodologies (e.g., COSO, COBIT, NIST, ISO)

+ Strong understanding of traditional and emerging technology domains, including cybersecurity, privacy, data governance, cloud, infrastructure, networking, data warehouses, integration strategies, IT operations, IT risk management, and IT governance

+ Experience with tools and technologies to facilitate fieldwork (SQL, Alteryx, Python, etc.)

Skills and experience a plus:

+ Use of robotic process automation (RPA) and artificial intelligence (AI) to enhance audit efficiency, improve risk detection, and deliver actionable insights

About CarMax

CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 200 locations nationwide.

Our amazing team of more than 25,000 associates work together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community. We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®.

CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.

Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.