Description

You will own the assurance and maintenance of the IT SOX program and the technology internal control environment.

Responsibilities

• Document SOX control design narratives and conduct operating effectiveness testing for in-scope systems.
• Serve as the Subject Matter Expert for SOX IT compliance across the organization.
• Identify, evaluate, document, and monitor the remediation of control deficiencies.
• Assist with quarterly SOX control certifications and management attestations.
• Automate and assist in gathering audit evidence for internal and external SOX audits.

Required Skills

• 5+ years of experience in Security GRC, IT Audit, or a related field, with a strong focus on SOX compliance and IT General Controls (ITGCs) in a retail environment.
• Big 4 IT Audit experience or similar, with expertise in evaluating and testing ITGCs and application controls supporting financial reporting.
• Deep understanding of SOX Section 404 requirements, including risk assessment, control design, and effectiveness testing.
• Strong knowledge of ITGC domains: access controls, change management, IT operations, and System Development Lifecycle (SDLC).
• Experience with cloud platforms (AWS, Azure), SaaS applications, and their SOX control implications.
• Proficiency in using GRC tools like ServiceNow to streamline audit workflows.
• Experience working with internal and external auditors, managing evidence collection and issue resolution.
• Proven ability to drive remediation efforts and track control deficiencies.
• CISA, CPA, or CIA professional certifications are required.

Key Skills

Education

Any Gradute