IT & SOX Auditor

about the role
Mission
Within the Entity's scope, the missions are:
- Deploy the IT domain ELC questionnaire to the services responsible for governance, planning, development, and operations of the Entity's Information System.
- Gather tangible evidence to assess the maturity of practices and thus respond clearly and concisely to the questionnaire.
- Provide evaluations, through the tool used for this purpose (UI360), to those responsible and/or informed, including the Group Domain Leader.
- Issue recommendations after analyzing findings, prioritizing those of auditors, to improve existing practices.
- Propose solutions to the concerned Departments for addressing findings, with the support of the Entity's Management and the Group Domain Leader.
Within the scope of applications, the missions are:
- Familiarize with the applicable references: rules, procedure sheets, business process sheets, best practices, and professional standards.
- Utilize existing reference documentation: previous audit report, quality manual, minutes of the last management review, reporting (dashboard indicators)...
- Analyze the characteristics of different structures: history, organization, development strategy, management system, evaluate strengths and weaknesses, risks of malfunction.
- Conduct internal audits of subsidiaries at the request of Management (situation diagnosis, identification of weaknesses, tests, recommendations).
- Draft the audit plan: mission scope, stakes, objectives, choice of auditees, documentary references, program (date, duration, locations), applied working method.
- Suggest and propose all measures to be taken considering the audits conducted.
- Work according to SOX standards in the context of presentation and summary documents.
- Maintain the control system in compliance with SOX standards.
- Maintain all control activities on TOP SOX and peripheral applications.
- Draft and update SOX processes (at operational, financial, IT governance levels) with a risk-based approach (description of financial and operational risks, as well as internal controls in place to cover them).
- Test the operational effectiveness of internal controls: ensure compliance with internal rules and policies, assess operational, financial, and/or compliance risks, and detect anomalies.
- Draft reports, formulate concrete recommendations, and follow up on their implementation.
- Identify and disseminate best practices in internal control to improve the internal control system and make it globally coherent.
- Prepare periodic Flash reports for the Group's Internal Audit department.
- Make recommendations to Management and follow up on their implementation.
- Participate in cross-functional projects.
- Coordinate the SOX process.
- Draft and update internal audit processes.
- Keep up with legislation to stay informed of any changes, laws, and new rules concerning internal audit.
- Ensure that documentation and tests comply with audit standards and meet analysis objectives.
- Communicate with the Group's compliance and risk committee.
- Work with external auditors to assist them in their quarterly and/or year-end reviews.
- Manage SOX planning and deadlines.
- Support teams in implementing controls.
about you
Technical and Interpersonal Skills
- Academic background: Bachelor's degree in information system or equivalent
- Experience in auditing IT processes and IT security
- Experience in SOX audit
- Experience in a Project-based work organization
- Analytical and synthesis skills
- Objectivity and perspective to better evaluate practices deployed in the entity
- Risk management
- Coordination and animation of actors, contributors
- Monitoring and Reporting
- Proficiency in English, French is a plus
additional information
Job Purpose
The Group's governance relies, among others, on 12 control environment domains that form the foundation of internal control. These domains are integrated into the framework deployed under the American financial security law "Sarbanes-Oxley" (SOX). As such, the IT domain contributes to the good governance of Orange; the associated policies and principles are deployed across the Group's entities. Best practices in IT are described in the "Orange Internal Control Book" (OICB), which serves as the reference for Internal Control.
department
Chief Technology Info Office
Orange Business manages and integrates the complexity of international communications, freeing our customers to focus on the strategic initiatives that drive their business. Our extensive experience and knowledge in global communication solutions, together with our understanding of multinational business and local support in 166 countries and territories, ensure that our customers receive a consistent, global solution wherever they do business