Director IT Audit (Mobility)

About the

Role:

Grade Level (for internal use): 13 Director IT Audit The Director, IT Audit is a technically sophisticated and strategically minded internal audit leader who owns our IT and technology audit program. Reporting to the Chief Audit Executive, this individual serves as the company's audit liaison to the CIO and CISO

• providing independent assurance over the technology controls, cybersecurity and privacy posture, and IT governance frameworks that underpin the business.

This role requires both deep technical fluency and strong leadership presence, the ability to assess complex technological environments with rigor and communicate findings in ways that resonate with both technical and non-technical executive audiences. The ideal candidate brings a Big 4 or public accounting foundation, proven experience leading IT audit programs in dynamic SOX and non-SOX environments, and the credibility to serve as a trusted advisor at the highest levels of the organization. Key Responsibilities Design, own, and execute a comprehensive IT audit strategy and annual audit plan

• built on a robust IT risk assessment process that reflects the company's technology landscape, cybersecurity and privacy risks, and strategic priorities.

Lead IT general controls and IT application testing in support of SOX compliance, ensuring technology controls are appropriately designed, operating effectively, and aligned with external auditor requirements. Lead non-SOX IT and operational technology audits covering areas including cybersecurity, privacy, cloud infrastructure, data governance, third-party/vendor risk, IT change management, access management, business continuity, etc. Serve as the primary internal audit liaison for the CIO and CISO

• providing regular updates on the IT audit plan, findings, and emerging technology risks, and functioning as a credible, independent thought partner on IT risk matters. Communicate IT audit results to executive leadership and the Audit Committee
• translating highly technical findings into clear business risk language that drives informed decision-making. Partner with external auditors on SOX IT audit coordination, reliance strategies, and control testing to maximize efficiency and minimize duplication. Monitor remediation of IT audit findings, ensuring management addresses issues with sustainable solutions
• not just temporary fixes.

Stay ahead of the evolving technology risk landscape including AI governance, cloud security, ransomware, third-party risk, and regulatory developments affecting IT controls. Build and lead a high-performing global IT audit team, developing technical skills, audit methodology, and the ability to communicate complex findings to diverse audiences. Lead the development of AI‑driven and automated audit processes to improve audit quality, efficiency, and scalability. Qualifications Bachelor's degree in Information Systems, Computer Science, Accounting, or a related field required; advanced degree a plus. 10+ years of IT audit experience with at least 4 years in an IT audit leadership role. Big 4 public accounting background or equivalent public accounting experience strongly preferred. At least one active audit-related professional certification required: CISA, CISSP, CPA, CIA, etc.

• CISA or CISSP strongly preferred for this role. Deep expertise in IT general controls, IT application controls, SOX ITGC compliance, and IT risk-based audit methodologies. Strong technical knowledge across key IT domains including cybersecurity, cloud platforms, access management, data governance, and IT infrastructure. Proven experience partnering directly with CIO and CISO-level stakeholders
• able to engage credibly on technical matters while maintaining audit independence.

Demonstrated ability to translate complex technical audit findings into clear, business-relevant narratives for executive and Board audiences. Experience leading non-SOX technology audits including cybersecurity assessments, vendor/third-party risk reviews, and cloud control evaluations. What Success Looks Like The IT audit program is risk-driven, well-respected, and viewed by business leaders as a value-adding function. The IT audit program is proactive, risk-driven, and consistently aware of the technology threats that matter most to the business.

SOX ITGC

audits are executed with precision and external auditors rely on IT audit work

• reducing duplication and increasing efficiency.

IT audit findings are written in language that business leaders can act on, not just language that auditors understand. The IT audit team is technically sharp, professionally credentialed, and recognized as a best-in-class function across the organization. The IT audit team is high-performing, engaged, and proud of the work they do. About S&P Global Mobility At S&P Global Mobility, we provide invaluable insights derived from unmatched automotive data, enabling our customers to anticipate change and make decisions with conviction. Our expertise helps them to optimize their businesses, reach the right consumers, and shape the future of mobility. We open the door to automotive innovation, revealing the buying patterns of today and helping customers plan for the emerging technologies of tomorrow. For more information, visit www.spglobal.com/mobility. What's In It For You?

Our Mission:

Advancing Essential Intelligence.

Our People:

We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all.

From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We're committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. Join us and help create the critical insights that truly make a difference.

Our Values:

Integrity, Discovery, Partnership Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals.

Benefits:

We take care of you, so you can take care of business. We care about our people. That's why we provide everything you—and your career—need to thrive at S&P Global.

Our benefits include:

Health & Wellness:

Health care coverage designed for the mind and body.

Flexible Downtime:

Generous time off helps keep you energized for your time on.

Continuous Learning:

Access a wealth of resources to grow your career and learn valuable new skills. Invest in

Your Future:

Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.

Family Friendly Perks:

It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the

Basics:

From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at

S&P Global:

At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets.

Recruitment Fraud Alert:

If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, "pre-employment training" or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here.

• Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.

Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

US Candidates Only:

Know Your Rights:

Workplace discrimination is illegal

• 103•Middle Management (EEO Job Group) (inactive), 10•Officials or Managers (EEO-2 Job Categories-United States of America), FINANC103.

2

• Middle Management Tier II (EEO Job Group) S&P Global delivers Essential Intelligence® that shapes decision making.

We provide the world's leading organizations with the right data, connected technologies and expertise they need to move ahead. As part of our team, you'll help solve complex challenges that equip businesses, governments and individuals with the knowledge to adapt to a changing economic landscape.