Position Summary
We are seeking a strategic and process-oriented IT Audit & Controls Analyst to strengthen our organizations internal control posture, risk governance, and IT compliance maturity. This role sits at the intersection of technology, finance, and governance and is critical in supporting the leadership team in maintaining a robust, compliant, and audit-ready IT control environment.
The ideal candidate brings not only deep domain expertise in SOX 404, IT General Controls (ITGC), and IT Application Controls (ITAC) but also a strong understanding of the interdependencies between IT risk, enterprise systems, and business performance. The role will partner closely with internal stakeholders across IT, finance, legal, and external auditors to deliver high-impact insights and continuous assurance.
Key Responsibilities
- Support IT Governance & Risk Leadership by executing and managing the IT controls testing program (SOX/IFC), aligned with strategic business goals and regulatory mandates.
- Evaluate and validate IT Application Controls (ITAC) across ERP and other enterprise applications, ensuring control design and operating effectiveness.
- Oversee the testing of interface controls, ensuring integrity of data movement across financial and operational systems.
- Monitor and assess automated controls and system configurations, including job scheduling, data transformation logic, and automated reports used in financial close or critical operations.
- Conduct risk-based assessments of IT General Controls (ITGC) with emphasis on:
- Access Governance Segregation of duties, elevated access, and role-based provisioning.
- Change Governance SDLC adherence, emergency change management, and release integrity.
- IT Operations Monitoring, incident handling, backup/recovery strategy, and business continuity.
- Lead and document SOX 404 and Internal Financial Controls (IFC) test cycles in close coordination with finance, compliance, and external audit firms.
- Provide timely reporting of control gaps, remediation plans, and risk exposure to management with clear, data-backed recommendations.
- Maintain audit readiness and process ownership documentation across key IT processes.
- Participate in control transformation and automation initiatives, enabling scalable compliance through technology.
Qualifications & Profile
- 4 to 9 years of focused experience in IT compliance, SOX audits, or internal IT controls testing within a mid to large enterprise or Big 4 advisory setting.
- Proven experience managing ITGC, ITAC, and interface control testing across SAP, Oracle, Workday, or similar platforms.
- Deep knowledge of SOX 404, COSO, COBIT, and IFC frameworks, with strong command over control evaluation and risk-based testing methodology.
- Exposure to audit management platforms and GRC systems such as RSA Archer, ServiceNow, or MetricStream.
- Familiarity with automated control environments, job scheduling tools (e.g., Control-M, Autosys), and report validation practices.
- Ability to interface confidently with CIO, CFO, and Risk Committee stakeholders; strong communication and executive presence are essential.
- Strong analytical thinking, attention to detail, and documentation skills for internal control narratives and audit evidence.
- Certifications such as CISA, CIA, or CISM are highly desirable.
What You Will Gain
- Exposure to enterprise risk management practices and alignment with the organizations risk appetite framework.
- Opportunity to interface with leadership and contribute to IT risk discussions that shape internal policies and operational decision-making.
- A chance to participate in strategic audits and transformation projects, driving automation and control optimization.
- A structured career path with opportunities to progress into IT Risk, Governance, or Compliance leadership roles.
Didn’t find the job appropriate? Report this Job
