Title:  Director, IT Audit

Requisition ID:  985

Atlanta, GA, US, 30328

Department:  Compliance
Travel:  Up to 25%

If you are a GPI employee, please click the Employee Login before applying.


At Graphic Packaging International, we produce the paper cup that held your coffee this morning, the basket that transported those bottles of craft beer you enjoyed last weekend, and the microwave tray that heated your gourmet meal last night. We’re one of the largest manufacturers of paperboard and paper-based packaging for some of the world’s most recognized brands of food, beverage, foodservice, household, personal care and pet products. Headquartered in Atlanta, Georgia, we are collaborative, diverse, innovative individuals who create inspired packaging while giving back to our communities. 


With over 25,000 employees working in more than 130 locations worldwide, we strive to be environmentally responsible in our industry and in the communities where we operate. We are committed to workplace diversity and offer compensation and benefits programs that are among the industry’s best to reward the talented people who make our company successful.


If this sounds like something you would like to be a part of, we’d love to hear from you.

A World of Difference. Made Possible.


Scope: The Director, IT Audit, will be a key member of the Internal Audit Leadership team leading the IT Audit function and implementing strategic and operational plans related to Internal Audit’s vision, mission, and overall goals and objectives.  The Director will deliver independent, objective assurance and advisory services with a focus on systems, cybersecurity, data privacy and protection, acquisition integration, and financial reporting controls, while managing the IT internal audit team globally (including IT co-source) and managing the IT elements of the SOX program (e.g., ITGC, ITAC, IPE). Key liaison with IT leadership, especially IT Risk Management.   This includes partnering with the IT Risk Management and Enterprise Risk Management functions assessing risk and assuring Graphic Packaging is positioned to achieve its strategic objectives.


This position will be responsible for planning, performing, and reporting audit activities related to the Company’s ERP transformation projects, IT environment, IT risks, and other IT matters including pre / post implementation reviews, audit support, and control design and verification procedures.


Key Responsibilities and Job Functions: Primary job functions include, but are not limited to the following:  

  • The IT Audit Director will be expected to dive deep into the audits and lead from the front while also effectively influencing at all levels and working with stakeholders in a fast-paced environment
  • This role will help establish IT Governance, Compliance, and Audit strategies throughout the organization
  • Develop and maintain the annual IT internal audit plan, including the annual operational and IT risk assessment process
  • The IT Audit Director will be responsible for performing audits and reviews designed to analyze, assess, and strengthen the company’s technological infrastructure and internal control environment
  • Specific areas of audit focus include, but are not limited to, IT governance, IT general controls, IT project management, IT infrastructure management, software development lifecycle, application security, application controls, emerging information security and cybersecurity risk, cloud architecture, and controls related to applications hosted in the cloud, data lifecycle management, data privacy, disaster recovery, and business continuity
  • Manage technology audits and the IT SOX compliance program, including the review of walkthroughs and testing of the operating effectiveness of controls
  • Participate in project management activities such as system pre-implementation and/or business process enhancements/re-engineering, where warranted and applicable, and provide value-add advice and insights.
  • Provide the technical understanding of SAP and other ERP configurations as it relates to the design, development, and testing of automated controls and security
  • Provide design assistance and testing over enhancements to identity & access management platform
  • Work closely with the company’s external auditor; provide appropriate support to the external auditors in the performance of walkthroughs, as well as IT related dependencies
  • Establish yourself as a trusted advisor to IT leadership and provide advice over relevant SAP and other technology considerations
  • Continuously improve internal audit approaches, tools, methodology and productivity



  • Minimum of a bachelor’s degree in computer science, Information Systems, Engineering, Information Technology, or Management Information Systems
  • Minimum 10+ years of information technology experience
  • 5+ years of proven experience in the design, testing, and implementation of business process controls and ITGCs in an SAP ECC and S/4 HANA environment, including both SAP automated and IT dependent controls
  • 3+ years of working with segregation of duty frameworks and associated mitigating controls
  • 3+ years of leading projects, managing budget, and resource management
  • Understands and applies The IIA’s International Standards for the Professional Practice of Internal Auditing, COSO 2013, ISACA’s COBIT 5, Sarbanes-Oxley Act, etc.


Required Skills:

  • Overall understanding of SAP and knowledge of SAP GRC Process Control or other similar compliance tools
  • General knowledge of ITGCs and networks
  • Knowledge of Cyber domains such as Cyber Governance, Application Security, Controls and Compliance, Data Privacy and Protection, Infrastructure Security, Identity and Access Management, Monitoring and Response; and Operational Security
  • Available for potential domestic and international travel (10%-25%)


Preferred Skills:

  • Experience providing guidance to IT organizations solving for technical debt in a risk / value-based manner
  • Experience helping guide organizations during all phases of M&A related to IT controls
  • Ability to influence and educate a broad array of enterprise stakeholders on the value of partnering with Internal Audit early in strategy development, major initiative ideation, etc.
  • Experience in developing efficient IT Audit plans and coverage strategies in decentralized IT environments and applications
  • Ability to manage the IT audit function across the organization semi-autonomously, from a planning, audit-execution, and administrative perspective.
  • Ability to understand the company’s IT and overall strategy and objectives and related key business processes, operational procedures, and systems to ensure the relevancy of the IT Audit program coverage
  • Implementation experience with SAP S/4HANA, including risk assessment, control identification, design, testing, and deployment
  • Demonstrated ability to take accountability and takes initiative and is self-directed
  • Strong understanding of control environment impacts related to cloud applications
  • Effective time management, including planning and decision-making, identifying priorities, and bringing projects to successful and timely completion with a focus on high standards and quality
  • Strong understanding of audit requirements
  • Certification such as: CISA , CISSP, CISM , PMP, CPA, or/and CIA (— i.e., Information Systems Auditor, Certified Information Security Manager, Certified in the Governance of Enterprise IT, Certified in Risk and Information Systems Control, and/or Certified Information Systems Security Professional.)
  • Experience with Accounting and Finance domains, public company environments, and internal controls experience
  • Ability to undertake a variety of audit activities including SAP risk support, data extraction, information reporting, process monitoring, integration with GRC, and assisting with SAP Upgrade
  • Develop and monitor audit project plans to document and test controls and processes associated with the company’s ongoing ERP transformations (e.g., further adoption of SAP S/4 HANA)
  • Strong understanding of regulatory concerns impacting SAP and IT environments, including Sarbanes Oxley and data related regulations (e.g., GDPR, CCPA, etc.)
  • Manufacturing, packaging, or other related experiences are preferred
  • AuditBoard and One Trust experience


Graphic Packaging is an Equal Opportunity Employer. All candidates will be evaluated on the basis of their qualifications for the job in question. We do not base our employment decision on an employee's or applicant's race, color, religion, age, gender or sex (including pregnancy), national origin, ancestry, marital status, sexual orientation, gender identity, genetic identity, genetic information, disability, veteran/military status or any other basis prohibited by local, state, or federal law. Click here to view the Poster, EEO is the Law.

Nearest Major Market: Atlanta