The Group:

Reporting to the Board of Directors, Morningstar's Internal Audit Services is an independent, objective assurance and consulting activity designed to add value and improve the company's operations. Internal Audit Services helps the company accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The Role:

Morningstar's Internal Audit Services seeks a highly motivated Senior IT Internal Auditor who thrives on new experiences and challenges. As a Senior IT Internal Auditor, you will play an integral role in evaluating the company's information technology and information security processes and effectiveness of internal controls. You will have the opportunity to work on a variety of operational, information technology, and compliance reviews as well as evaluate the effectiveness of internal controls over external financial reporting as part of the company's Sarbanes-Oxley Section 404 compliance activities. The position is based at the company's headquarters in Chicago. You will work closely with all levels of management across the organization, recommending changes to strengthen controls for increased efficiencies and reduced risks. The Senior IT Internal Auditor will have the opportunity to utilize and reference world-class audit tools and audit methodologies in the performance of his or her duties.

Job responsibilities:

• Assist with the planning, management, and execution of operational, information technology, and compliance-related reviews.
• Perform walkthroughs of complex information technology and information security processes and test the design and effectiveness of internal controls.
• Document work and assist in the preparation of observations and recommendations for corrective action.
• Supervise audit staff and external consultants, review workpapers, and provide appropriate coaching and feedback.
• Effectively apply the COSO internal control framework, COBIT IT governance framework, NIST Cybersecurity framework and IIA International Professional Practices Framework.
• Serve as a consultant and business partner with management.

Qualifications:

• Action-oriented, self-starter with strong verbal and written communication skills.
• Comfortable working both independently or in teams and working within a complex environment.
• Ability to diagnose problems, determine root causes, and recommend solutions to complex challenges.
• Strong understanding of information technology general computer controls, system development life cycle, and IT auditing techniques; including a broad knowledge of IT technologies, operating systems, databases, and application platforms.
• Knowledge of recognized IT audit and governance frameworks such as COBIT, ITIL, NIST, ISO, etc.
• Undergraduate degree in accounting, information technology, management information systems, or a related field.
• Four or more years of internal or external audit experience assessing information technology/security controls and/or internal controls over financial reporting.
• Proven ability to manage people and projects, and actively develop team members.
• Willingness to travel to domestic and international offices.

Nice to have:

• Experience in working for a Big 4 or Tier-Two public accounting firm preferred.
• Knowledge of General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) is a plus.
• Experience performing data analytics and using data analysis or automated audit software is a plus.
• Professional accreditation (e.g., CIA, CISA, CPA) is a plus.

Morningstar's hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We've found that we're at our best when we're purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.