As Director of IT Internal Audit, you will be responsible for supporting the SVP of Internal Audit in executing the strategy and the day-to-day activities of Internal Audit and Sarbanes Oxley related to IT systems and controls, with a specific focus on technology, SOX compliance, ISO standards, and cybersecurity. This role is critical in ensuring that the company’s IT infrastructure, processes and controls meet regulatory requirements and operational efficiencies and protect the Hagerty brand, particularly within the insurance regulatory environment and non-insurance business (i.e., media, auctions and events).
The Director of IT Internal Audit will plan, conduct fieldwork, report on internal audit engagements and provide guidance and coaching to IT audit team members. In this role you will collaborate with audit leadership to develop the annual risk assessment and plan, handle budgeting, prepare for audit committee presentations and lead the daily execution of the IT SOX and Audit plans, including resource allocation, administration, testing and reporting.
Internal Audit Services at Hagerty is continuing to mature to provide high value, independent, proactive insights, to innovate with technology, and to develop and be a source of top talent, offering an atmosphere for both personal growth and professional growth. The scope includes, but is not limited to, all finance and accounting, vendor management, IT, HR and Risk Management.
The position will be a critical risk partner within the organization while maintaining independence and will ensure that the engagement IT audit staff is performing in accordance with industry best practices, regulatory requirements and company policies and procedures.
Ready to get in the driver’s seat? Join us!
What you’ll do
Audit Planning and Execution:
- Develop and implement a risk-based IT audit plan that addresses the highest risk and complexities facing the organization including evaluation of core strategic initiatives.
- Evaluate resource allocation throughout the year to effectively and efficiently.
- Conduct IT audits focusing on IT governance, application controls, cybersecurity, data privacy, and compliance with SOX and relevant ISO standards (such as ISO 27001).
- Support risk based integrated audit approach when existing enterprise-wide audit engagement.
- Evaluate the adequacy and effectiveness of IT controls, including those related to financial reporting (SOX), data integrity, security standards, and operational continuity.
Technology and Cybersecurity Oversight:
- Assess and audit the company’s cybersecurity measures, particularly those protecting sensitive customer data and financial transactions in insurance and lending platforms.
- Review the security and integrity of IT systems supporting auction car sales, including payment processing, customer data protection, and online auction platforms.
- Provide guidance on adopting and maintaining industry best practices in cybersecurity, ensuring compliance with regulatory requirements.
SOX Compliance:
- Collaborate with business and financial audit leaders to develop and ensure a unified SOX 404 approach.
- Ensure IT controls are designed and operating effectively to meet SOX 404 requirements, particularly those affecting financial reporting and data accuracy.
- Collaborate with the finance and IT departments to evaluate and test IT general controls (ITGCs) and automated controls within financial applications.
- Support external auditors in their assessment of the company’s SOX compliance, addressing any identified control deficiencies.
- Direct day-to-day aspects of the Company’s SOX Program as it relates to IT, while implementing a long-term vision of transitioning core testing and administrative activities to management.
- Develop Sarbanes Oxley IT policies, procedures, and work standards by applying the appropriate SOX methodologies using SEC requirements and PCAOB guidance.
Regulatory Compliance:
- Ensure IT audit activities align with regulatory requirements specific to the insurance industry, such as those mandated by state insurance departments and the NAIC.
- Audit IT systems and processes to ensure they support compliance with lending regulations, including those related to consumer data protection and financial transactions.
- Monitor emerging regulations and industry standards that impact IT controls and adjust audit plans accordingly.
- Lead internal audits and gap assessments to identify areas for improvement in ISO compliance, particularly in IT processes supporting regulated financial activities.
- Incorporate annual internal audit requirements related to NYDFS, ISO, SOX or other regulatory requirements when developing the annual audit plan and engagement programs.
Stakeholder Collaboration:
- Engage with senior management to communicate IT audit findings, risks, and strategic recommendations, with a focus on enhancing IT governance and security.
- Work closely with the IT department to understand the technical environment and provide insights on mitigating risks related to new technologies or changes in the IT landscape.
Team Leadership and Development:
- Lead and develop a team of IT auditors, providing coaching and professional development opportunities to enhance their technical and audit skills.
- Foster a collaborative and innovative culture within the internal audit team, encouraging the adoption of new audit tools and techniques.
- Ensure the team stays current with emerging IT audit trends, regulatory changes, and best practices in cybersecurity and IT governance.
- Collaborate with IA leadership team on development of internal audit budget.
Reporting and Documentation:
- Prepare comprehensive audit reports that clearly articulate findings, risks, and actionable recommendations for IT, finance, and business leadership.
- Responsible for review of IT audit work papers to verify quality of work, ensuring compliance with internal audit standards and regulatory expectations within the GRC platform.
- Support the audit recommendations tracking and monitoring processes related to IT observations for audit and SOX compliance.
Additional Duties:
- Be a core contributor in developing and maintaining processes and internal audit tools/approach to facilitate continued awareness of risk and controls across the enterprise.
- Leverage knowledge of business, industry, technology and current market to provide input for strategic research and leading practices recommendations.
- Manage and lead the performance and professional growth of direct reports to ensure development of their skills and talent to help the organization achieve its long-term goals.
This Might Describe You
- Four-year degree in Information Technology, Computer Science, Accounting, or a related field. Master’s degree is preferred.
- Proven experience in IT audit (IIA Standards), cybersecurity, SOX compliance, and/or ISO standards, including leadership responsibilities.
- Proven track record of building and implementing aligned assurance risk assessment to support internal audit planning and overall IT audit management.
- Proven experience in managing IT audits, leading teams, and collaborating with senior management and regulators.
- Deep knowledge of IT systems and controls, particularly in insurance and financial services.
- Strong understanding of regulatory requirements in the insurance and financial services industries.
- Expertise in cybersecurity frameworks (e.g., NIST, ISO 27001, COSO, ITIL), SOX compliance, and IT governance principles.
- Publicly traded company disciplines and regulatory knowledge (NYDFS, SEC, NAIC, BMA and international regulations).
- Preferred professional certification (Certified in Risk and Information Systems Control (CRISC), CISA, CISSP, CIA). ISO certification a plus.
- Knowledge of GRC platforms and other technologies (i.e., Diligent One, ServiceNow, SailPoint, ADO, Azure, etc.).
- Proficient in Microsoft Office (Word, Excel, Access, and Outlook).
- Very strong analytical, problem-solving, and communication (verbal and written) skills, with the ability to influence and engage with senior stakeholders.
- Ability to switch between work assignments quickly, and work under deadlines.
- Ability to work effectively in a team environment that is rapidly changing.
- Operate in a supportive and responsive manner.
- Ability to collaborate with employees at all levels across the enterprise and in team settings.
- Ability to effectively prioritize and execute tasks in a fast-paced environment and emerging growth company.
- Experience in interfacing with and presenting to executive teams, business management, and external teams (i.e., external auditors).
- Ability to convey issues and ideas in both business-friendly and technical-friendly language.
Other things to note
- This position can be worked as a remote position within the United States.
- Familiarity with public company requirements, including Sarbanes Oxley and key regulations, if applicable. For SOX compliant roles, responsible for designing, executing, and documenting internal controls where they have been identified as owners to prevent errors in financial reporting, processes, and business operations. Including attestation to the completeness, accuracy, and compliance of all financial reporting data, where applicable.
Say hello to Hagerty
Hagerty is an automotive enthusiast brand and the world’s largest membership organization. Along with being a best-in-class provider of specialty insurance for enthusiasts, Hagerty is also home to the Hagerty Drivers Foundation, Garage + Social, Hagerty Drivers Club, Marketplace and so much more. Committed to saving driving for future generations, each and every thing Hagerty does is dedicated to the love of the automobile.
Hagerty is a rapidly growing company that values a winning culture. We provide meaningful work for, and invest in, every single team member.
At Hagerty, we share the road. We are an inclusive automotive community where all are welcomed, valued and belong regardless of race, gender, age or car preference. We are united by our shared passion for driving, our commitment to preserve car culture for future generations and our desire to make a positive impact in the world.
If you reside in the following jurisdictions: Illinois, Colorado, California, District of Columbia, Hawaii, Maryland, Minnesota, Nevada, New York, or Jersey City, New Jersey, Cincinnati or Toledo, Ohio, Rhode Island, Vermont, Washington, British Columbia, Canada please email [email protected] for compensation, comprehensive benefits and the perks that set us apart.
EEO/AA
If you like wild growth and working with happy, enthusiastic over-achievers, you’ll enjoy your career with us!