Senior Analyst, Corporate IT SOX Audit

Primary Job Duties & Responsibilities:

Audit Project Management

• Effectively perform and document IT SOX audit activities in accordance with professional standards and the organization’s
• audit methodology.
• Execute testing and create work paper documentation.
• Understand procedures, results and business impacts; and document and express such understanding in both written and verbal form.
• Perform detailed review testing to analyze and validate information and provide constructive feedback to preparers to enhance the quality of testing work papers.
• Demonstrate the ability to accurately document ITGC process workflows and data flows.
• Create clear and accurate documentation and workflows of technology processes and test results and exceptions.
• Work in a fast-paced, collaborative setting with cross-functional teams.
• Lead individual project components and testing areas; oversee the work of more junior auditors and/or interns.

Audit Reporting/Communication

• Independently collect facts, utilize strong analytical capabilities to recommend appropriate actions on complex matters, and effectively communicate status and results in a concise, timely manner.
• Reports related audit findings to audit and business stakeholders.
• Interacts with various levels of Internal Audit and business line management to resolve issues in a timely manner and to maintain effective communications.
• Consider SOC reporting and other compliance impact for controls which are tested once and applied for other compliance purposes. 

Audit Team Support

• Meets administrative reporting requirements and supports department initiatives.
• Demonstrates a commitment to integrity and the company code of conduct, and a respect for diversity and inclusion.
• Contribute to overall Internal Audit Department team norms to promote a positive environment and improve team effectiveness.
• Keep current of relevant technology developments and evolving IT risk areas.

Required Qualifications:

• 2+ years’ experience in IT SOX Audit, IT SOX Compliance, Control Validation, Risk Assessment, or Risk Consultant role.
• Ability to travel up to 10%.
• Must be willing to work 8:00am-5:00pm EDT or CDT.

Preferred Qualifications:

• Professional designations such as CPA, CIA, CISA etc., or progress towards achieving such designations.
• In-depth knowledge and understanding of Sarbanes Oxley regulation including its requirements, regulations, and implications for financial reporting and internal controls.
• Prior experience in strategizing, planning, and developing technology audit project plans.
• Healthcare, Insurance, or Retail industry business practices and risks.
• Familiarity with Cloud environments and data classification and protection concepts. IT processes - including applications and infrastructure, security and vulnerability assessments, change control, asset management, disaster recovery, data privacy, and IT risk assessment, automated control environments, cybersecurity best practices, cloud security controls etc.
• Familiarity with the following concepts: Information Risk Frameworks (NIST 800-53, COBIT 5, ISO/IEC 27001/2, HITRUST, PCI DSS), eGRC tools, and IIA Standards, Data Privacy regulations and industry standards (e.g. HIPAA, GDPR, CCPA).
• Good teamwork and collaboration skills.
• Strong oral/written communication, critical thinking, problem resolution and interpersonal skills with proven ability to influence and collaborate with external and internal partners at all levels.
• Excellent analytical and problem-solving abilities.
• Ability to work independently and manage multiple priorities.
• Detail-oriented with a high level of integrity and professionalism.
• Practical knowledge of processes, risks, and internal controls.

Education:

• Bachelor's Degree or equivalent experience (HS diploma + 4 years relevant experience).