
Lead Security Auditor at Paint Stores Group

Paint Stores Group · Cleveland, United States of America · Onsite

$87,986.00  -  $112,263.00


As a Lead IT Security Auditor within the Global Internal Audit Department at Sherwin-Williams, you will play a critical role in strengthening the organization's cybersecurity posture and IT risk management capabilities. You will help lead a team of IT Auditors, providing daily coaching and mentoring to ensure high-quality execution of audits with a strong emphasis on information security and compliance. You will regularly engage with external auditors, IT leadership, and business stakeholders to address control gaps, resolve audit findings, and recommend enhancements to security and business processes. Your insights will help drive continuous improvement in areas such as cloud security, data protection, and regulatory compliance (e.g., SOX, GDPR, NIST, ISO 27001).

As a more senior member of the audit team, you will also ensure adherence to the highest professional standards, maintain strict confidentiality, and promote a culture of security awareness and risk-based thinking across the enterprise.

Because this role involves access to confidential financial information, the Company has determined that a review of criminal history is necessary to protect the business and its operations and reputation and to provide similar protections for its clients and potential investments.

Responsibilities

CORE RESPONSIBILITIES:

  1. Lead and Execute IT Security Audits 
    • Conduct audits focused on IT security risks, including network security, application security, endpoint protection, identity and access management (IAM), data protection, vulnerability management, operational technology (OT) security, risk management, data privacy, and threat intelligence/incident response.

    • Evaluate the effectiveness of cybersecurity controls and identify opportunities to enhance controls across infrastructure, applications, and cloud environments.

    • Collaborate with IT, InfoSec, and compliance teams to ensure alignment with regulatory requirements (e.g., NIST, ISO 27001, SOX, HIPAA).

    • Develop and execute risk-based audit plans and procedures tailored to emerging threats and technologies.

    • Prepare detailed audit reports with actionable recommendations for risk mitigation and control enhancement.

    • Monitor remediation efforts and validate corrective actions taken by management.

    • Stay current with cybersecurity trends, threat intelligence, and evolving regulatory landscapes.

    • Support enterprise risk assessments and contribute to the development of the organization’s risk management strategy.

  2. Support the annual Sarbanes-Oxley (SOX) compliance program

    • Stay up to date on current guidance and methodologies and implement best practices to streamline approach to reduce costs and improve efficiencies

    • Assist in the completion of ITGC and business process walkthroughs including the preparation and review of supporting documentation to meet internal and external deadlines

    • Work independently with IT and the business to understand application systems, business processes, resolve issues and communicate findings

    • Understand SW’s divisions and in-scope IT applications, including key data flows, in order to continuously identify opportunities for compliance improvement

    • Consult with key process and control owners on ITGCs, application controls, and IPE considerations for key systems within the organization.

  3. Responsible for training and developing IT Auditors

    • Supervise daily work of approximately 1-2 IT Auditors

    • Develop IT Auditors through coaching and mentoring

    • Develop IT Auditors through effectively delegating IT audit tasks and providing guidance/learning opportunities

    • Provide performance feedback, training and performance reviews

    • Manage field work, inform supervisors of the IT audit engagement status and manage IT Auditors' performance

    • Foster an efficient, innovative and team-oriented work environment

  4. Departmental Planning
    • Meet with Department Managers on a regular basis to stay informed of current projects, future projects, and to address management’s concerns
    • Participate in recruiting efforts as needed

  5. Personal Career Development
    • Develop and maintain productive working relationships with company personnel, assess audit clients' satisfaction and proactively maintain contact with the audit client throughout the year

    • Use technology and resources to continually learn/share knowledge with team

    • Adhere to the highest degree of professional standards and strict confidentiality

    • Attend professional development and training sessions on a regular basis

Qualifications

POSITION REQUIREMENTS

Formal Education: 

Required: 

  • Bachelor’s Degree from an accredited institution is required

Preferred: 

  • Bachelor’s Degree from an accredited institution in Business, Management Information Systems, Computer Information Systems, Cybersecurity, Computer Science, or IT
  • Advanced degrees or certifications (CISSP, CISM, CRISC, CISA, SANS GIAC etc.)

Knowledge & Experience 

Required: 

  • 4 years of prior work experience in cybersecurity, IT audit, or consulting at a Big 4 firm or a similarly regulated public company is preferred.
  • Must be legally authorized to work in the United States without company sponsorship
  • Strong understanding of cybersecurity frameworks, risk assessment methodologies, and control evaluation techniques.
  • Excellent analytical, communication, and report-writing skills.
  • Ability to work independently and manage multiple priorities in a fast-paced environment.
  • Understanding of internal control testing in a team-based environment

  • Intermediate knowledge of Microsoft Office tools (Word, Excel, PowerPoint)

  • Excellent written and verbal communications, with the effective use of active listening and interviewing skills

Travel:

  • Must have ability to travel up to 10% of time (domestic and international)

Company

At Sherwin-Williams, our purpose is to inspire and improve the world by coloring and protecting what matters. Our paints, coatings and innovative solutions make the places and spaces in our world brighter and stronger. Your skills, talent and passion make it possible to live this purpose, and for customers and our business to achieve great results. Sherwin-Williams is a place that takes its stability, growth and momentum and translates it to possibility for our people. Our people are behind the strength of our success, and we invest and support you in:

Life … with rewards, benefits and the flexibility to enhance your health and well-being
Career … with opportunities to learn, develop new skills and grow your contribution
Connection … with an inclusive team and commitment to our own and broader communities
It's all here for you... let's Create Your Possible

At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/. Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee.

Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable federal, state, and local laws including with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act where applicable.

Sherwin-Williams is proud to be an Equal Employment Opportunity employer.  All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.

As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.

Please be aware, Sherwin-Williams recruiting team members will never request a candidate to provide a payment, ask for financial information, or sensitive personal information like national identification numbers, date of birth, or bank account numbers during the application process.
