Senior IT SOX Auditor

Overview:

This position requires a candidate who is experienced at defining, leading and executing on the annual IT SOX Audit Plan, specifically the annual assessment of the design and effectiveness of the company’s key IT SOX controls and testing of key reports which support internal controls over financial reporting.  With regard to the annual IT SOX testing, this position will be responsible for independently and pro-actively managing relationships with key business partners consisting of the Company’s business controls office, the Company’s IT compliance office, and the Company’s external auditors relative to the execution of IT SOX testing, while ensuring alignment with both management’s and the external auditor’s expectations.  In addition, this position will be responsible for flexibly supporting IT operational audits and other related deliverables as a key member of the internal audit team.

• Lead the development and execution of the annual IT SOX Audit Plan 
• Execute and report on IT SOX testing, including testing of IT general controls, automated application controls, and key reports 
• Plan, lead, perform, and document control walkthroughs to evaluate the design of IT general controls 
• Evaluate the operating effectiveness of key IT SOX general controls and automated application controls through testing 
• Perform baseline and benchmark testing of key SOX-relevant reports 
• Develop detailed test steps and audit procedures for testing new IT general controls, automated application controls, and key reports 
• Apply appropriate test procedures to existing IT SOX controls and reports to ensure key control attributes are adequately addressed 
• Document SOX testing work thoroughly and accurately, providing high-quality audit evidence to support conclusions and facilitate efficient review 
• Execute test work in compliance with external audit expectations to maximize reliance on internal SOX testing 
• Drive cross-functional stakeholder engagement to ensure successful execution of, and alignment with, the annual IT SOX testing plan 
• Identify, discuss, and validate potential control exceptions (e.g., SOX deficiencies and process improvement opportunities) in real time with key stakeholders in a professional and constructive manner 
• Project manage IT SOX audit activities, ensuring timely execution, achievement of testing deadlines, and regular status reporting to stakeholders

Qualifications:

• Bachelor’s degree in Information Systems, Computer Science, Accounting, or a related field 
• Certified Information Systems Auditor (CISA) certification required; public accounting experience preferred 
• Minimum of five (5) years of experience performing IT SOX audits 
• Experience developing test work programs for new SOX controls, including both manual and automated controls 
• Experience performing baseline and benchmark testing of key reports supporting internal controls over financial reporting 
• Demonstrated ability to work independently, showing self-motivation and effective self-management with limited oversight 
• Problem-solving skills and the ability to manage effectively through ambiguity 
• Excellent organizational, project management, and time management skills, including the ability to multitask and meet deadlines 
• Proven ability to document work in accordance with external auditor expectations, with strong attention to detail 
• Experience scoping and executing IT operational audits, from planning, risk assessment, and scoping through reporting 
• Experience assessing and implementing controls aligned with the NIST Cybersecurity Framework (CSF) 
• Experience performing risk and control assessments using NIST framework guidance 
• Experience implementing and evaluating controls aligned with the NIST framework 
• Experience conducting IT risk assessments using COBIT risk guidance and mapping risks to COBIT control objectives 
• Collaborative and flexible team-oriented mindset 
• Exceptional written and verbal communication skills, including the ability to synthesize and clearly communicate technical information 
• Experience with SAP, data analytics tools, and AuditBoard preferred 
• Proficiency with Microsoft Office applications, including Excel, PowerPoint, and Word