Oversee and manage multiple aspects of SOX compliance, including scoping, testing, and documentation of IT controls.
Conduct risk assessments to identify key areas of risk and evaluate the effectiveness of existing controls in mitigating these risks. Working with internal auditors, provide strategic recommendations for managing risks and ensure adequate controls are in place.
Work with external auditors to support attestations and testing as required to achieve compliance.
Conduct regular control testing, documenting procedures, results, and remediation actions.
Develop and maintain a data access & security policy in compliance with SOX requirements, ensuring its consistent implementation and communication across the organization.
Lead the evaluation of access control, IT security, data backup, and change management processes to ensure compliance with SOX IT controls requirements.
Effectively collaborate across functions (Software Development, DevOps, Finance, and IT) to design and implement controls that minimize changes to business and technology processes while ensuring compliance.
Engage in process walkthroughs, develop narratives, and maintain comprehensive policy documentation.
Perform controls rationalization analysis to identify common, missing, or redundant controls and seek automation opportunities to enhance the efficiency and effectiveness of the SOX testing program.
Directly interview process and control owners to gain insights, identify gaps, and uncover opportunities for process improvement.
Develop and implement remediation plans for identified deficiencies, ranking them based on urgency and impact.
Communicate review results, action plans, and timelines with control owners and key stakeholders, and monitor progress towards addressing identified issues.
Oversee third-party compliance service providers to ensure quality and timely program results.
Stay abreast of developments in regulations affecting SOX compliance and recommend changes to internal controls and procedures accordingly.
Preferred candidate profile
7+ years of experience in audit, risk management, or compliance, focusing on SOX compliance in publicly traded companies, with an emphasis on IT controls.
Strong understanding of financial reporting processes, internal controls, and internal control frameworks (COSO, COBIT).
Experience with audits of homegrown operational and billing systems.
Strong understanding of data security, access controls, and change management controls for software (Bitbucket and Git preferred).
Excellent analytical, problem-solving, communication and documentation skills.
Detail-oriented with strong organizational skills, capable of managing multiple projects, with the ability to work both independently and collaboratively in a fast-paced environment.
Preferred certifications: CPA (Certified Public Accountant) or CIA (Certified Internal Auditor).
Preferred certifications: CISA, CISSP, or CISM.
Proficient in the use of technology solutions for risk management and controls testing.
Experience with SIEM platforms, Microsoft Office Suite, audit management software, and ERP systems (e.g., SAP, Oracle).
Familiarity with HIPAA, PCI DSS, Telecom Billing and PII compliance tools is a plus.