IT SOX Analyst

Job Summary

The IT SOX Analyst is responsible for ensuring compliance with the Sarbanes-Oxley Act (SOX) as it relates to IT systems and controls, in partnership with Business Controls Office (BCO). This role involves evaluating IT processes and in-scope systems/applications, development and evaluation of control activities and quarterly certification documentation, supporting design walkthroughs and operational effectiveness testing by IA and external audit teams, and IT General Controls (ITGCs), and collaborating with BCO, internal and external auditors.

Key Responsibilities

SOX Compliance & Testing

• Facilitate walkthroughs of IT processes and controls.

• Assist with development of SOX key control attributes for ITGCs, spreadsheets, and reports.

Facilitate PBC requests for IA and external related to walkthroughs, design and operational effectiveness testing

• Evaluate the design and operational effectiveness of IT controls, in partnership with BCO.

• Identify and document control deficiencies and recommend remediation to BCO.

• Maintain and update SOX documentation (narratives, flowcharts, risk/control matrices) in partnership with BCO

Audit & Risk Management

• Support internal and external audit teams during SOX audits.

• Assist in annual and periodic risk assessments.

• Participate in third-party risk assessments and SSAE18 reviews.

• Monitor segregation of duties and access controls.

Collaboration & Reporting

• Work closely with IT, Finance, and Compliance teams.

• Provide regular updates to senior management on SOX compliance status.

• Train stakeholders on SOX requirements and control procedures.

Documentation & Process Improvement

• Create and maintain internal control documentation.

• Contribute to process improvement initiatives to enhance control efficiency.

• Ensure quality assurance of SOX working papers and deliverables.

Requirement

·         Bachelor’s degree in Accounting, Finance, Information Systems, or a related field; alternatively, four years of direct experience in IT SOX Compliance may be considered in lieu of a degree.

·         3 years in internal audit, IT compliance, or SOX 404 testing.

·         Experience with COSO framework, US GAAP, and ITGCs.

·         Familiarity with ERP systems (e.g., SAP) and GRC tools.

·         Strong understanding of SOX, ICFR, and IT control frameworks.

·         Solid understanding of business processes supported by IT applications

·         Ability to interpret complex regulations and assess their impact on IT systems.

·         Excellent analytical, communication, and interpersonal skills.

·         Identifying gaps in compliance and proposing practical solutions.

·         Ability to work independently and manage multiple priorities.

·         Working effectively with IT, legal, audit, and business teams.

·         Managing multiple audits, assessments, and documentation tasks simultaneously.

·         Handling sensitive data and compliance issues with discretion.

·         Certifications (Preferred): CISA, CIA, CMA, or similar.