This role will perform and oversee Sarbanes-Oxley (SOX) 404 and Service Organization Control (SOC) control testing for large and/or technically complex IT processes. You will utilize your strong knowledge of the requirements of the Sarbanes Oxley (SOX) Act to perform annual risk assessment and walkthroughs, identify suggested changes or implementation of key controls through new process design, and perform operating effectiveness testing in accordance with annual department schedule. In addition, you will effectively communicate issues and/or concerns to stakeholders and audit management throughout the course of your work.
The scope of responsibilities includes the following:
Work effectively with process owners to perform annual process risk assessment and walkthroughs with timely updates to the process risk matrices and narratives.
Evaluate the adequacy and effectiveness of IT general controls, ensure assigned testing objectives are met and work is completed in accordance with standards and within time targets.
Identify gaps in control design and control operative effectiveness of IT general and application controls and assist IT management with related remediation measures
Monitor implementation and completion of remediation efforts
Participate on special projects when as needed.
Stay abreast of current and emerging information technology methodology and continually develop your knowledge of information technology.
This position provides a great opportunity to provide coaching and direction to other team members in the form of on-the-job training and guidance to other IT Senior and Staff Auditors with attention to those who are new to the team.
Minimum requirements:
Minimum of three years of progressively responsible relevant work experience in SOX and IT Auditing.
Experience leading audit projects or consulting engagements
Strong knowledge of IT general controls related to operations, information security and change management of systems software, application source code, network, and system database technologies
Experience testing automated and manual application controls
Knowledge of the COSO internal control framework
Critical Skills:
Strong interpersonal skills with well-developed verbal and written communication skills
Solid organizational and project management skills, including extensive cross-functional leadership capabilities and ability to participate in task-oriented teams
Must have experience with Windows and Unix environment from a security perspective
Oracle or SQL database knowledge
Desired Experience/Nice to Have:
Big 4 public accounting firm, Fortune 500 Internal Audit department, or a combination of this experience
Experience auditing major commercial ERP such as Oracle, SAP, etc.
Prefer candidates with a relevant certification such as CISA, CISSP, etc.
Experience in the Healthcare or IT industry is a plus
Four-year college degree from an accredited institution; Bachelor’s Degree in Business, Accounting, IT, or related field with focus on information systems preferred