Sr. Manager, IT Internal Audit

Ready to make your next big professional move? Join us on our journey to achieve our big dream of building the most loved restaurant brands in the world. Restaurant Brands International Inc. is one of the world's largest quick service restaurant companies with nearly $45 billion in annual system-wide sales and over 32,000 restaurants in more than 120 countries and territories.RBI owns four of the world's most prominent and iconic quick service restaurant brands – TIM HORTONS®, BURGER KING®, POPEYES®, and FIREHOUSE SUBS®. These independently operated brands have been serving their respective guests, franchisees and communities for decades. Through its Restaurant Brands for Good framework, RBI is improving sustainable outcomes related to its food, the planet, and people and communities.RBI is committed to growing the TIM HORTONS®, BURGER KING®, POPEYES® and FIREHOUSE SUBS® brands by leveraging their respective core values, employee and franchisee relationships, and long track records of community support. Each brand benefits from the global scale and shared best practices that come from ownership by Restaurant Brands International Inc.Reporting to the VP, Internal Audit, the Senior Manager, IT Internal Audit is a hands-on IT audit practitioner and subject matter resource within RBI’s Internal Audit function. The Senior Manager executes IT audit engagements across all four brands — performing IT operational and cybersecurity audits and data governance reviews — under the direction of the VP. The Senior Manager also contributes to RBI’s audit analytics capability, building and maintaining data-driven testing procedures and supporting the continuous monitoring programs that underpin the broader Internal Audit program.Key ResponsibilitiesApply IT audit subject matter expertise across engagements; serve as a technical resource to Internal Audit team members and co-source partnersSupport the SOX ITGC program by coordinating with co-source partners on scoping, reviewing testing workpapers, and tracking deficiencies through remediationExecute audits of change management, access management, SDLC, computer operations, and IT regulatory compliance across corporate and brand domainsBuild and maintain audit data pipelines, analytical models, and testing procedures (Python, SQL, Power BI) in support of the Director’s continuous monitoring programsAdvisor for cybersecurity, data governance, and privacy control assessments (NIST, PCI, CCPA)Support Optro GRC IT integration maintenance and data feed governance under the direction of the VPContribute to analytics adoption across the Internal Audit function; develop reusable testing tools and support data infrastructure decisions in coordination with the VPAssist with IT risk assessments across brands and corporate in support of audit plan prioritizationSupport Internal Audit representation in cross-functional technology governance forums as directedIssue remediation tracking and closure; support special projects and VP advisory requests on technology risk mattersCompetenciesIT Audit Leadership: Demonstrated ability to execute IT audit engagements end-to-end across complex technology environments; translates audit objectives into well-documented, risk-rated findingsSOX / ITGC Expertise: Deep, hands-on knowledge of IT general controls, SOX 404/302 IT support, and external auditor reliance strategies; experienced in deficiency assessment and Item 308(c) evaluationCybersecurity & Data Risk: Fluent in information security audit, IAM, cloud security, and data governance risk; able to assess control design and maturity across diverse technology stacksAnalytics & Automation: Skilled in designing and building data-driven audit programs using Python, SQL, and BI tools; able to automate testing and scale continuous monitoring coverageStakeholder Influence: Adept at building trusted relationships with CIO, CISO, Legal, and Data Governance without direct authority; able to communicate technical risk to non-technical audiencesCommunication & Reporting: Skilled in producing polished, executive-ready audit reports and Audit Committee materials; able to translate technical findings into business-impact language and actionable recommendationsTeam & Co-source Management: Experienced in directing co-source partners and guiding junior audit staff with clarity and accountability; able to coordinate multi-party engagements across specialist and internal resourcesIntellectual Curiosity: Naturally drawn to emerging technology risks (AI/ML, cloud connectors, digital franchise platforms); able to translate evolving trends into timely adjustments to the audit program Education & CertificationsBachelor’s degree in Information Systems, Computer Science, Accounting, or related fieldCISA required; NIST CSF and PCI-DSS audit framework familiarity expectedCIA, CPA, CISSP, CRISC, or CISM a plus Experience7+ years in IT audit, information security audit, or IT risk/complianceMeaningful IT SOX/ICFR experience at a public company, including ITGC coordination with co-source partners and Big 4 external auditorsExperience contributing to an IT audit program in a co-source or influence model; able to work effectively alongside specialist and internal resourcesHands-on experience with SAP environments and cloud data platforms (Snowflake, Azure, or AWS)Experience designing data analytics audit programs using Python or SQL across large, multi-source datasetsRestaurant, retail, or franchise sector experience a plus; multi-brand or multi-geography experience preferred Technical SkillsPython and/or SQL for audit analytics and automationOptro GRC (AuditBoard) – IT integration configuration and workflow designSAP security and authorization concepts; Snowflake governance architecturePower BI or equivalent data visualization; Microsoft Office suite LanguageEnglish required; Spanish or French a plusBenefits at all of our global offices are focused on physical, mental and financial wellness. We offer unique and progressive benefits, including a comprehensive global paid parental leave program that supports employees as they expand their families, free telemedicine and mental wellness support.Restaurant Brands International and all of its affiliated companies (collectively, RBI) are equal opportunity and affirmative action employers that do not discriminate on the basis of race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or veteran status, or any other characteristic protected by local, state, provincial or federal laws, rules, or regulations. RBI's policy applies to all terms and conditions of employment. Accommodation is available for applicants with disabilities upon request.