Headquartered in New York City, located in midtown Manhattan on New York’s famed Eastside, our Loews Hotels & Co Home Office teams provide support to all our properties throughout the United States and Canada. Our talented teams provide guidance over strategic planning, operations, revenue management, communications, marketing, finance, human resources, and information technology. Position Summary Reporting to the Vice President (VP) of Internal Audit, the Information Technology (IT) Audit Manager will be responsible for all information technology (IT) focused audit responsibilities for the department consisting of leading and managing Sarbanes-Oxley (SOX) compliance audits over IT general controls (ITGCs) as well as, operational IT audit processes and procedures for Loews Hotels. This will include, but is not limited to, partnering with the VP of Internal Audit to perform annual risk assessments to develop the annual risk-based audit plan, evaluating the adequacy and operating effectiveness of internal controls by conducting audits of all business units (i.e., corporate/home office, hotel properties, and the shared service center), communicating audit recommendations to remediate audit issues or concerns identified, and providing IT advisory and assurance services to improve internal controls, operations, risk management, and compliance. Further, the IT Audit Manager will successfully establish positive working relationships with key internal and external stakeholders at all levels, including Executive and Senior Leadership, Loews Corporation Internal Audit, co-source partners, and external auditors. Essential Functions and Responsibilities Supports the VP of Internal Audit with developing, leading, and managing the Internal Audit function as follows: Provide independent, objective IT assurance and advisory services to assess, evaluate, and validate the design and operating effectiveness of internal controls, while also adding value towards continuous process improvement opportunities within the organization. Lead and manage the planning, fieldwork, and reporting phases of IT compliance audits (including the review of quarterly IT SOX compliance certifications and completion of annual IT SOX compliance audits as required by SOX 302 and SOX 404, respectively) across the organization. Participate in the Annual Audit Risk Assessment and Enterprise Risk Management (ERM) processes, including understanding standard operating procedures and risk management policies, IT security and governance policies, interviewing key internal stakeholders, reviewing control self-assessments (CSAs) completed by hotel management, and analyzing financial data and information, which will help define annual risk-based audit plans. Share input and ideas towards developing audit risk and control matrices, mapping/documenting processes and procedures (e.g., flow charts and walkthrough narratives), and creating/enhancing audit methodologies and strategies. Perform detailed IT audit testing procedures during the fieldwork phase, while maintaining supporting audit workpapers, and thoroughly documenting any audit results and issues identified. Clearly and timely communicate audit results and significant findings to the VP of Internal Audit, process owners, and senior management, and effectively advise on audit recommendations and corrective action plans to remediate issues. Assist with drafting formal audit reports and presentations that will be communicated to the Audit Committee, Executive and Senior Leadership team members and all other related key stakeholders. Partner with the IT Security and Governance team to assess and evaluate all IT general controls (ITGCs), as well as to complete special projects involving Cyber Security, Data Governance & Classification, Service Organization Controls (SOC) Reviews, System Implementations, Payment Card Industry Data Security Standards (PCI DSS) Compliance, etc. Collaborate with the IT Business Intelligence team to design data analytics for continuous monitoring and automated audit testing by leveraging available analytical tools and resources. Hire, train, coach, and develop new staff and senior internal auditors. Co-lead and manage internal and external parties (e.g., co-source partners) to conduct planned audits. Coordinate with external auditors for interim and year-end financial statement audits, as necessary. Required Qualifications Bachelor’s or master’s degree in accounting, finance, or IT related field. A minimum of six years of external or internal audit experience with working knowledge of and skill in applying Generally Accepted Accounting Principles (GAAP), Generally Accepted Auditing Standards (GAAS), Institute of Internal Auditors (IIA) Standards, SOX Compliance Requirements, Cyber Security Framework Standards (e.g., National Institute of Standards Technology – NIST), PCI DSS, etc. Extensive understanding of internal controls and risks with the ability to recognize significant control issues and risk exposure across the organization. Experience assessing IT risks (including SOX), and evaluating the adequacy, design, and operating effectiveness of ITGCs. Strong understanding of IT security, governance, network, and infrastructure processes and procedures. Familiarity with utilizing data analytics tools to gain full coverage of audit population and automate auditing procedures. Proven track record of successfully managing and leading staff and senior internal auditors to effectively and sufficiently complete audit assignments and timely report on results. Excellent communication skills (verbal and written) in interactions with team members at all levels, including direct reports, business/process owners, Senior and Executive Leadership, Audit Committee, etc. Ability to work independently or in a team-oriented environment while building relationships across functions, management levels, and with external parties. Ability to organize workload, multi-task, adapt quickly to change, and deliver under pressure in a fast-paced environment with defined deadlines. Proficiency in Microsoft Office applications (e.g., Word, Excel, PowerPoint, Visio, etc.). Ability to work a flexible schedule and travel up to 40%. Preferred Qualifications Combination of Public Accounting (external audit) and Internal Audit experience. IT audit experience at a company within the hospitality, restaurant, and retail industries Experience assessing risks and internal controls over financial, operational, and compliance processes and procedures Willingness and ability to manage and perform integrated audits consisting of financial, operational, IT, and compliance auditing procedures. Knowledge of systems and applications such as, Oracle Enterprise Resource Planning (ERP), Workday Human Resources Information System (HRIS), Opera Property Management System (PMS), etc. with the ability to utilize system reports for audit testing and data analytics. Actively pursuing or possessing a license or certifications.