Senior IT Governance Analyst (Sarbanes-Oxley / SOX)
This position will be part of a small team ensuring all major Global IT processes and system controls are designed effectively, support transparency and continuous improvement.
- Help move the IT organization beyond SOX compliance
- Demonstrate measurable results improving the overall quality of operational effectiveness through repeatable, measurable processes
- Improve Service Owner awareness and expertise
- Work closely with the IT Governance Manager and IT Service Owners to ensure repeatable, measurable processes are in place to achieve strategic operational objectives
- Work closely with other related governance functions within the business, such as Global Security Services, Service Management and Internal Audit to ensure key internal controls are in place and operating as intended
- Maintain and update IT Risk Assessments based on the Cobit 5 framework
- Experience developing and maintaining a Quality Assurance Plan (QAP) at Program and Project levels
- Develop Standard Operating Procedures (SOPs), policies and related procedures for evaluating risk, establishing and maintaining an effective system of internal control
- Periodic updates to IT Leadership on control readiness, maturity and best practice
- Coordinate foundational control reviews (e.g. Disaster Recovery exercises and Access Control reviews
- Assist project and support teams in identifying, implementing and documenting internal controls to support new services as a part of go live readiness
- Provide audit readiness support to IT Service Owners for quarterly and annual reviews of internal controls over financial reporting to enhance analytical and decision support
- Perform periodic evaluations of IT internal control systems and identify areas of improvement, best practices, and lessons learned.
- Assist Service Owners in remediating identified IT control deficiencies.
- Provide audit support for IT Service Owners and act as a centralized point of contact for Internal and External audit requests.
Skills & experience
- Bachelor's degree in Management Information Systems or similar.
- Experience developing and implementing risk assessment frameworks.
- Minimum of 3 years' experience with IT audit concepts, audit evaluation, process analysis, audit opinion preparation, audit research, and process testing.
- Minimum of 3 years' experience leading IT audits , frameworks (COSO, COBIT), IT Security, Internal Controls Review, and Risk Management Framework (RMF)
- One of the following certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), or Certified Information Systems Security Professional (CISSP).
- Willingness to travel up to 20% of the time.