This job has closed.

Sherwin-Williams · 1 day ago

Lead IT Security Auditor

Sherwin-Williams is a company focused on inspiring and improving the world through their products. As a Lead IT Security Auditor, you will strengthen the organization's cybersecurity posture and IT risk management capabilities by leading a team of IT Auditors, conducting audits, and collaborating with various stakeholders to enhance security and compliance.

Chemical · Manufacturing · Sales
No H1B

Responsibilities

Lead and Execute IT Security Audits
Conduct audits focused on IT security risks, including network security, application security, endpoint protection, identity and access management (IAM), data protection, vulnerability management, operational technology (OT) security, risk management, data privacy, and threat intelligence/incident response
Evaluate the effectiveness of cybersecurity controls and identify opportunities to enhance controls across infrastructure, applications, and cloud environments
Collaborate with IT, InfoSec, and compliance teams to ensure alignment with regulatory requirements (e.g., NIST, ISO 27001, SOX, HIPAA)
Develop and execute risk-based audit plans and procedures tailored to emerging threats and technologies
Prepare detailed audit reports with actionable recommendations for risk mitigation and control enhancement
Monitor remediation efforts and validate corrective actions taken by management
Stay current with cybersecurity trends, threat intelligence, and evolving regulatory landscapes
Support enterprise risk assessments and contribute to the development of the organization’s risk management strategy
Support the annual Sarbanes-Oxley (SOX) compliance program
Stay up to date on current guidance and methodologies and implement best practices to streamline approach to reduce costs and improve efficiencies
Assist in the completion of ITGC and business process walkthroughs including the preparation and review of supporting documentation to meet internal and external deadlines
Work independently with IT and the business to understand application systems, business processes, resolve issues and communicate findings
Understand SW’s divisions and in-scope IT applications, including key data flows, in order to continuously identify opportunities for compliance improvement
Consult with key process and control owners on ITGCs, application controls, and IPE considerations for key systems within the organization
Responsible for training and developing IT Auditors
Supervise daily work of approximately 1-2 IT Auditors
Develop IT Auditors through coaching and mentoring
Develop IT Auditors through effectively delegating IT audit tasks and providing guidance/learning opportunities
Provide performance feedback, training and performance reviews
Manage field work, inform supervisors of the IT audit engagement status and manage IT Auditors' performance
Foster an efficient, innovative and team-oriented work environment
Departmental Planning
Meet with Department Managers on a regular basis to stay informed of current projects, future projects, and to address management’s concerns
Participate in recruiting efforts as needed
Personal Career Development
Develop and maintain productive working relationships with company personnel, assess audit clients' satisfaction and proactively maintain contact with the audit client throughout the year
Use technology and resources to continually learn/share knowledge with team
Adhere to the highest degree of professional standards and strict confidentiality
Attend professional development and training sessions on a regular basis

Qualification

Cybersecurity frameworks, Risk assessment methodologies, Control evaluation techniques, CISSP, CISA, Analytical skills, Report-writing skills, Microsoft Office, Communication skills

Required

Bachelor's Degree from an accredited institution is required
4 years of prior work experience in cybersecurity, IT audit, or consulting at a Big 4 firm or a similarly regulated public company is preferred
Must be legally authorized to work in the United States without company sponsorship
Strong understanding of cybersecurity frameworks, risk assessment methodologies, and control evaluation techniques
Excellent analytical, communication, and report-writing skills
Ability to work independently and manage multiple priorities in a fast-paced environment
Understanding of internal control testing in a team-based environment
Intermediate knowledge of Microsoft Office tools (Word, Excel, PowerPoint)
Excellent written and verbal communications, with the effective use of active listening and interviewing skills
Must have ability to travel up to 10% of time (domestic and international)

Preferred

Bachelor's Degree from an accredited institution in Business, Management Information Systems, Computer Information Systems, Cybersecurity, Computer Science, or IT
Advanced degrees or certifications (CISSP, CISM, CRISC, CISA, SANS GIAC etc.)

Benefits

Life … with rewards, benefits and the flexibility to enhance your health and well-being
Career … with opportunities to learn, develop new skills and grow your contribution
Connection … with an inclusive team and commitment to our own and broader communities

Company

Sherwin-Williams

Sherwin-Williams Company engages in the development, manufacture, distribution, and sale of paints, coatings, and related products.

Funding

Current Stage: Public Company
Total Funding: unknown
IPO: 1964-02-11

Leadership Team

Heidi Petz
Chief Executive Officer
Company data provided by crunchbase