The Internal Audit and Enterprise Risk Management team performs operational audits, has extensive purview over the Sarbanes Oxley testing program, and oversees the Enterprise Risk Management processes for SABRE Corporation. The function is part of SABRE Corporation’s broader Finance team, reporting to the Chief Financial Officer administratively and to the Audit Committee of the Board of Directors functionally. Our vision is to proactively guide our Sabre business partners with innovative, best in class audit and risk management practices. Our strategy focuses on 1) talent development, 2) modernization of our audit and risk activities, 3) providing a balanced portfolio of work which provides assurance and advisory services to SABRE, and 4) being a trusted advisor to management and the Board of Directors. 

The Role: 

As a Senior IT Auditor, you are an individual contributor working as part of a team in the Sarbanes Oxley program and other key audit engagements. You are an intellectually curious person who wants to work in a complex and evolving technology environment. In this role, you will have opportunities to expand your skills and grow a career at SABRE, where we make travel happen. 

This role is based out of either the Dallas-Ft. Worth metro area or Montevideo, Uruguay, and reports to the Senior Compliance Manager, in a flexible hybrid role. 

In this role, you can expect to work on the following activities: 

Roles and Responsibilities: 

1. 75% - Sarbanes Oxley program 

a. Participate in annual SOX risk assessment activities; 

b. Collaborate with external auditors during the SOX lifecycle on assigned processes (e.g., Information Technology General Controls, Information Technology Application Controls); 

c. Test controls with a heavy focus on information systems and technology including complex application controls; 

d. Collaborate with process owners on updates to testing documentation, identification of key controls, and testing of those controls;  

e. Communicate testing results to management and advising/educating management on control deficiency remediation and/or updates, when needed; and 

f. Participate in semi-annual SOX control owner training. 

2. 10% - Operational audit engagement 

a. Assist with risk assessment and scoping for technology risks; 

b. Deliver high quality project tasks in a timely manner; 

c. Review the work of others on the project, when needed, in conformance with IIA Standards for the Professional Practice of Internal Auditing and the SABRE Internal Audit Quality Program; and 

d. Provide constructive feedback to the project team.

3. 5% - 10% - Contributor to risk assessment processes for operational audit planning and Enterprise Risk Management. 

a. Schedule and attend meetings; 

b. Research risk topics, both internally and externally; 

c. Assess risks within a provided framework/rubric; and 

d. Maintain business relationships to monitor for risks to the achievement of objectives over time. 

4. 5% - 10% - Special projects, investigations, training and development, and other administrative activities. 

What’s in it for you? 

• You will be part of a well-respected team that works collaboratively across the organization, influencing Sabre’s technology transformation; 

• You can work autonomously – adding your perspective to governance, processes, risks, and controls; 

• You will learn and have opportunities to work on automation, analytics, and processes in the audit and risk function; 

• Be part of one of the world’s largest technology companies which supports travel and hospitality partners around the globe. 

Qualifications and Education Requirements 

• Bachelor's degree in Management Information Systems, Information Security, Computer Science, or related field of study 

• A minimum of three years of experience as an auditor 

• Hold an active certification as a Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA). Candidates without a professional certification will be considered for a staff level role where they will be supported in their pursuit of a professional designation. 

• Intermediate knowledge of auditing practices and standards, trends, and best practices 

• Experience with internal control frameworks such as COSO, NIST, COBIT 

• Understanding of Cybersecurity concepts such as Identity Access Management, vulnerability management, software development lifecycle, security governance, etc. 

• Effective communication skills, both written and verbal 

• Project Management skills 

• Experience working within a team to deliver a high-quality project

• Ability to travel up to 10% of the time, including internationally 

Not required, but preference given to candidates with: 

• Internal Audit experience in the technology industry 

• Experience working with external auditors 

• Experience automating manual controls 

• Experience in data analytics (e.g., SQL, Alteryx) 

• A home location in the Dallas-Ft. Worth area or Montevideo, Uruguay