SOX IT Audit Manager

SOX IT AUDIT MANAGER

The Enterprise Reporting Controls & Governance Group is responsible for Comerica's compliance with the provisions of Section 404 of The Sarbanes-Oxley Act of 2002 ("SOX"), and ultimately, providing certification that our internal control environment is operating effectively. The group reports administratively to the Chief Accounting Officer and works closely with key stakeholders across business units, corporate functions, technology, and the second and third lines of defense.

The Senior IT Associate is responsible for comprehensive reviews of IT processes to ensure appropriate controls and procedures are in place and operating effectively.

Position Responsibilities:

• Perform/actively participate in the walkthrough of significant IT processes and ensure SOX documentation is accurate and reflects relevant risk, key controls, and current process.
  Identify key risks and controls, controls optimization, including the configuration of controls around, business process and within IT environments.
• Review SOX documentation (risk control matrices, narratives, flowcharts) prepared by IT partners and identify areas where control enhancements and/or documentation improvements are needed.
• Complete and/or review SOX testing for key general IT controls (ITGCs), IT application controls (ITACs), critical interfaces, and key reports/spreadsheet identified in the walkthrough process.
• Research and assess deficiencies identified and work with process owners to identify an appropriate solution. Follow-up on remediation activities to verify appropriate resolution.
• Review SOC 1 report evaluations to ensure exceptions are appropriately addressed and that appropriate complementary controls are in place and operating effectively.
• Act as a change agent for continual improvement of the internal control environment.