Senior Risk Management Professional - SOX IT Controls & Oversight (Advisory)
Role Overview
We are seeking a highly experienced Senior Risk Management Professional to lead the design, assessment, and independent oversight of SOX Information Technology (IT) controls across the organization. This role serves as an independent second-line assurance function, providing objective oversight of control design, execution, testing quality, audit readiness, and remediation activities to strengthen the organization's SOX compliance framework.
The ideal candidate will possess deep expertise in SOX IT controls, control design and operating effectiveness assessments, deficiency management, evidence validation, audit support, and remediation advisory. The role is responsible for ensuring the effectiveness, sustainability, and compliance of the SOX control environment while driving continuous improvement and adherence to established SOX compliance KPIs.
Key Responsibilities
SOX IT Controls Design, Review & Oversight
- Design, review, and independently assess SOX IT controls to ensure they effectively mitigate identified financial reporting risks.
- Evaluate the design and implementation of new and existing controls, ensuring alignment with regulatory requirements and organizational risk objectives.
- Perform comprehensive reviews of the SOX control environment to identify:
- Control design deficiencies and gaps
- Misalignment between identified risks and existing controls
- Ineffective, redundant, or unsustainable controls
- Opportunities for standardization and automation
- Assess Design Effectiveness (DE) to confirm controls are appropriately designed to address SOX risks.
- Assess Operating Effectiveness (OE) through independent reviews to identify:
- Execution inconsistencies
- Control failures and exceptions
- Gaps in manual or automated control execution
- Tool, process, or technology dependencies impacting control effectiveness
- Provide independent challenge and oversight to ensure controls are consistently executed, adequately documented, and supported by appropriate evidence.
- Monitor the quality of SOX testing activities and validate that testing methodologies meet internal standards and external audit expectations.
- Review control evidence for completeness, accuracy, and audit readiness.
- Advise control owners on remediation strategies for identified deficiencies and monitor timely closure of corrective actions.
- Support internal and external audits by facilitating walkthroughs, responding to audit inquiries, and validating remediation evidence.
- Track and report SOX compliance metrics, key performance indicators (KPIs), and control health to leadership.
- Drive continuous improvement initiatives to enhance the effectiveness, efficiency, and sustainability of the SOX IT control framework.
- Collaborate with Risk, Internal Audit, IT, Finance, and business stakeholders to strengthen governance and maintain a robust control environment.