This IT SOX Advisor role will support the client in establishing and maintaining the organisation's SOX internal controls framework, ensuring financial reporting risk is being managed in accordance with applicable regulations, and supporting the annual testing and documentation compliance effort. The role is primarily responsible for supporting all aspects of the annual SOX program, including risk assessment, scoping, walkthroughs, testing, remediation monitoring and year-end evaluation.
Responsibilities:
- Make recommendations on internal control improvements to process and control owners.
- Manage implementations of internal control improvements, including process changes and system implementations.
- Collaborate with Cybersecurity compliance on the design, implementation and evaluation of IT general controls and automation.
- Analyse financial reporting elements and business processes for risk significance and likelihood.
- Support IT Control Owners and Compliance with delivering gap assessments and quality assurance review programs on IT control environments involving SOX controls.
- Provide training on SOX guidelines and related topics.
- Communicate and collaborate with the key business process managers and IT managers.
- Interact with IT third-party vendors managing and/or supporting the company’s internal controls.
- Support local teams in reviewing external service providers through SOC reports and complementary end-user controls.
- Support business partners and monitor remediation activities of SOX deficiencies.
- Performing deficiency assessments of SOX IT controls and preparing reporting.
- Maintaining an inventory of all SOX IT deficiencies.
- Working with process owners to develop management action plans for SOX IT deficiencies, monitoring the status and testing for completion by the due date.
- Reviewing and documenting with management exceptions identified during walkthroughs or testing of controls.
- Supporting Internal and External Audit testing of SOX IT controls.
Requirements:
- Bachelor’s degree in computer science, information systems, cybersecurity, a related field, or relevant experience for the role.
- Experience in information security risk and/or compliance roles (e.g. security assessments/analysis, risk co-ordination, compliance oversight).
- Knowledge of the SOX compliance internal control framework.
- Ability to present information to various audiences.
- Ability to collaborate effectively with individuals of all levels of the corporate structure.
- Ability to evaluate technical solutions and provide appropriate recommendations.
- Highly motivated, self-directed, and able to effectively lead smaller-scale projects.
- Professional certifications in information security, risk management and/or compliance (e.g. CISSP, CISM, CISA, CRISC) or a related certification will be a distinct advantage.
- Working knowledge of security compliance, policy management, security frameworks (NIST, ISO, SOX) and regulations.
- Analytical thinking and experience in troubleshooting of problems.
- A good understanding of IT compliance, risk and general IT security principles. Comfortable working both independently and as part of a team.
- Excellent customer service, interpersonal and organisational skills.
- Ability to work under pressure according to established procedures and meet critical deadlines.
- Excellent oral and written communication skills and fluent English, in both technical and business terms.
- Experience in developing information technology policies, procedures and practices.