Sr. IT SOX Compliance Specialist
920 Winter Street Greater Boston Area, Massachusetts 02451
Position: Sr. IT SOX Compliance Specialist
Location: Greater Boston Area
Required: Big 4 experience, IT Auditing
PURPOSE AND SCOPE:
Contributes to the mitigation of risk and ensures IT compliance with Sarbanes-Oxley (SOX) requirements. Provides guidance, support and subject matter expertise to the IT Regulatory function, which, in turn, works directly with IT management in documenting/testing controls and remediating identified deficiencies. Also works closely with the external auditor SOX IT function to collaboratively determine how to best resolve identified SOX IT deficiencies.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Responsible for facilitating IT management’s documentation updates and completion of management assessment for all in-scope IT processes.
- Work with IT compliance management to ensure appropriately designed controls are implemented for all in-scope entities and divisions and perform testing to validate their operating effectiveness throughout the fiscal year.
- Facilitate regular meetings with the IT Regulatory function and IT management to plan the documentation updates and testing of SOX IT controls.
- In conjunction with the IT Regulatory Compliance function and IT management, analyze SOX testing results, making recommendations to facilitate management’s remediation and/or identification of mitigating controls for all IT deficiencies.
- Responsible for performing and facilitating access certifications of financially significant systems, including segregation of duties testing.
- Supports IT compliance management as the principal interface with the external auditor IT Audit function and the IT functions regarding SOX IT matters.
- Assists management in preparing periodic SOX 404 reporting to the SOX 404 Steering Committee.
- Performs the annual SOX 404 scoping exercise to determine if there are any changes to IT data centers, applications or related processes which should be considered to determine what is in scope for SOX 404 purposes.
- Perform IT control assessments of any new entities, divisions and processes deemed material to the financial reporting process or in the scope of the external audit. Work with local IT management to develop and implement IT general controls where required controls are not met and define remediation for deficient controls. Communicate SOX control requirements where necessary.
- Provide regular updates to the IT compliance management and leadership regarding the status of the SOX testing plans, the issues identified, and the decisions regarding the solutions to address the identified problems.
- Maintains current knowledge regarding changes to SOX compliance regulations and adjusts methodologies in response to the changes by issuing guidance and instructions to the appropriate IT stakeholders and personnel. Determines and recommends improvements to current risk management controls as needed.
- Leads implementation of major special projects and initiatives related to auditing automation software and applications to manage governance tasks and SOX financial reporting functions such as SAP GRC Process Control and Access Control software.
- Manage SAP role provisioning software, including monitoring for new SAP roles, preventing the creation of inherent SOD issues, training and assigning new role approvers, and reviewing and addressing SAP requests with SOD violations, ensuring appropriate compensating controls.
- Strong knowledge of and experience with FSA, SOX and COSO IT requirements
- Other duties as assigned.
Additional responsibilities may include focus on one or more departments or locations. See applicable addendum for department or location specific functions.
PHYSICAL DEMANDS AND WORKING CONDITIONS:
- The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Travel 10-20%
- SOX In-Scope Division IT SOX Compliance Contractor(s), as needed
- Bachelor’s degree in information systems, computer science or business
- Certified Information Systems Auditor (CISA) preferred
EXPERIENCE AND REQUIRED SKILLS:
- 5–8 years’ IT Audit/SOX IT experience within an external firm or relevant SOX 404 IT experience within private industry; or a Master’s degree with 3 years’ experience; or a PhD without experience; or equivalent directly related work experience.
- Strong organizational/communication skills and PC proficiency.
- Experience in dealing with various levels of management.
- SAP/PeopleSoft/Data Centers/Enterprise/ERP.
- Knowledge of COSO and CoBit control models preferred.
- Must be able to work with senior level management in a very independent manner.
I acknowledge that I have read and accepted this job description. I understand what is expected of me in this position, and I am able to perform the essential functions as outlined with or without reasonable accommodation. Furthermore, I understand that the duties and responsibilities listed in this job description are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to the position. If I have any questions about duties and responsibilities not specified in this job description that I am asked to perform, I should discuss them with my immediate supervisor or my Human Resources representative.