POSITION TITLE: DIRECTOR, IT SOX COMPLIANCE
This position is responsible for planning and managing Information Technology (IT) Sox Compliance program and internal control process improvement initiatives. Identify and manage improvements to the design and operating effectiveness of internal controls in response to large scale IT projects or the identification of internal control weaknesses. Capture significant learning from internal and external resources to enable leading practices. Routine communication to IT and business leadership of the status of the IT internal control and security environment is a critical component of this position.
2. ESSENTIAL RESPONSIBILITIES:
• Manage the internal IT Sox Compliance program ensuring quarterly testing of controls is planned, executed and completed effectively.
• Manage the preparation, planning and execution of system development lifecycle related IT control tests for pre and post system implementations.
• Manage the identification and evaluation of new third party IT service providers.
• Partner with all levels of IT and business management to ensure that Sox and IT pre and post system implementation testing is conducted in a cooperative, timely and efficient manner with value added reporting and cost effective recommendations being provided to management to strengthen controls.
• Routinely summarize and communicate to the affected project team control owners and IT management, control weaknesses identified during testing. Share any insight into operations or suggestions for corrective actions and improvements that will drive increased efficiency and mitigate risk.
• Prepare reports on findings and recommendations for policy, procedure and internal control improvements.
• Create, direct and/or perform the preparation and execution of security related IT control tests including IT segregation of duties reviews
• Partner with all levels of IT and business management in the design, implementation and monitoring of internal control remediation plan execution through 'deficiency closed' phase.
• Partner external auditors to coordinate the quarterly and annual testing of IT Sox controls. Work with management to identify remediation plans where control weaknesses are identified.
• Identify on an on-going basis relevant industry trends and potential evolving risks facing IT initiatives, potential changes to IT internal controls over financial reporting and assess their impact on the scope and strategy of the IT department.
• Provide or assist in preparing and conducting IT focused internal controls training.
• Perform customary administrative tasks and responsibilities.
• Other assignments or special projects as requested by management.
3. DECISION MAKING/ACCOUNTABILITY
• Work is governed by Sarbanes Oxley. Within the regulatory framework issues arise that are substantially complex, varied and regularly requires the selection and application of technical and detailed guidelines. Independent judgment is required to identify, select, and apply the most appropriate methods as well as interpret precedent. The position regularly makes recommendations to management on areas of significance to the department and organization at large.
• This position is expected to operate very independently. Supervision received typically consists of feedback, coaching and advice
• This role typically has 5-6 direct reports. Supervisory requirements consist of monitoring test execution progress, reviewing results of test execution, reviewing adequacy of remediation plans in reducing risk and ensuring compliance with reporting deadlines and submission procedures.
4. KNOWLEDGE, SKILLS & EXPERIENCE:
• Eight or more years of technology and audit experience (general technology controls, application, and security) within a public accounting, and/or internal audit function
• Seven or more years of experience with internal controls evaluation, COSO, COBIT, ITIL, ITGCC, and SOX 404 requirements including all phases of planning, evaluation, documentation, testing and remediation.
• Demonstrated proficiency of technology auditing control disciplines including thorough knowledge in two or more and general knowledge in relevant areas of technical specialization (security, application development, change management, or operations).
• Working knowledge of:
- SAP HANA Auditing
- Oracle Database Administration, Security Administration and e-Business Suite (a plus) Auditing
- Windows Operating System and Active Directory Security including Users and Groups, Group Policy, Domain Structures, Security and Auditing
- UNIX / Linux Operating System Security, including Users and Groups, System Configurations, File Permissions, Privileged Accounts, Password Controls, Security and Auditing
• Knowledge of segregation of duties principals and experience with SAP GRC and Oracle GRC tools.
• Ability to think analytically; communicate complex issues, and develop control recommendations
• Excellent written and verbal communication skills with the ability to present control analysis and recommendations with clarity and professionalism
• Ability to lead teams and motivate people
• Comfortable with meetings and leading discussions with senior staff
• Superior skills in planning, managing and controlling activities of a diverse team
• Customer focused and professional in work ethic and performance
• Demonstrated track record of integrity, effective communication, commitment to teamwork, innovation, and excellence
• A BA or BS Degree or equivalent in Information Systems, Accounting, Finance, Business, or related field
• Professional Certification is preferred (CISA, CISSP, SSCP, CPA, or equivalent)
Jobcode: Reference SBJ-g3325n-3-236-212-116-42 in your application.