Staff, Sarbanes Oxley IT Security Compliance

Job Description

Staff, Sarbanes Oxley (SOX) IT Security Compliance

The Job
The Manager of Sarbanes Oxley (SOX) IT Security Compliance is responsible for the project management of WBD's SOX IT General Controls program. Reporting to the Head of SOX IT Compliance, you will have broad exposure to the operations of WBD and will interact with leaders across Technology, Finance, Legal, HR, Operations & Sales as well as external audit and internal audit.

The SOX IT Security Compliance Manager will manage a team of resources to maintain the SOX ITGC Framework, facilitate control execution, review design assessments, advise control owners on gap remediation, conduct regular training & maintain relationships amongst key stakeholders. This role will focus on continuing to refine the SOX program to drive consistency, efficacy & efficiency in IT General Controls. WBD views the individual in this position as a subject matter expert in SOX IT Governance, Risk and Compliance (ITGRC). The individual is expected to use sound discretion and professional judgment when interacting with business unit management, senior management, and auditors. This position should strive to make control and audit recommendations which will be most beneficial to WBD, as well as strive for an optimum balance between the cost of implementing and executing controls.
OPERATIONS
• Support the Head of IT SOX Compliance and the Manager in the overall management of SOX program.
• Assist in the SOX scoping and risk assessment activities.
• Assist in assessing the impact of IT on business and finance processes.
• Manage multiple resources responsible for:
• Facilitating ITGRC execution
• Conducting ITGRC design assessments
• Coordinating ITGRC walkthroughs, testing, remediation, documentation & reporting
• Review remediation plans, activities and retesting for potential issues and process improvement opportunities.
• Evaluate risks and controls for new system implementations and assess the impact on SOX ITGCs.
• Facilitate IT management's documentation updates and management assessments of all in-scope WBD IT processes based on SOX and audit requirements via meetings with the WBD IT Regulatory function and IT management.
• Serve as the principal interface with the external IT Audit function and the WBD Internal Audit functions regarding SOX ITGRC related matters.
• Perform the annual SOX 404 scoping exercise to determine if there are any changes to IT
• Review the results of access certifications of financially significant systems, including segregation of duties testing.
• Develop value-added relationships with process owners and make recommendations for process improvement.
• Lead process reviews and identify opportunities for significant enhancements in operational efficiency, overall effectiveness, and identifiable benefits to the company.
• Challenge the status quo and bring effective ideas to enhance the SOX program.
• Drive efficiencies by seeking opportunities for centralization, globalization, and automation.
• Liaison with Sr. Executives, process owners, internal auditors, external auditors, and other stakeholders; prepare business stakeholders for internal and external audit reviews.
• Ad-hoc projects as assigned

PROJECT MANAGEMENT
• Provide regular updates to the department management (Sr. Director of SOX IT Security Compliance), the SVP, and EVP of Global Information and Content Security (GICS) regarding the status of the SOX testing plans, the issues identified, and solutions to address the identified issues or deficiencies.
• Maintain current knowledge regarding changes to Financial Services Authority (FSA) and SOX compliance regulations and ensure that WBD adjusts methodologies in response to the changes by issuing guidance and instructions to the appropriate IT stakeholders and personnel. Determine and recommend changes to current controls to address requirement change or issues.
• Play significant role in the implementation of major projects and initiatives related to auditing automation software and applications to manage governance tasks and SOX financial reporting functions.

STRATEGY
• Collaborate with key stakeholders to understand team needs and dependencies to better align ITGC processes.
• Assist in developing and executing a methodology to evaluate, prioritize and monitor the success of the ITGC processes.
• Accurately and clearly articulate strategic issues and provide relevant, logical options for solving them.

The Essentials
• BA/BS in Computer Science, Management Information Systems and / or Accounting is required.
• CISA, CISM, CIA and/or a relative certification is required.
• 5+ years of experience in Public Accounting, IT Audit or role involving review of internal risk and control processes.
• 5+ years of experience in designing, implementing, or testing ITGC processes.
• Proven experience in managing the execution of an end-to-end SOX program. Must have strong project management experience in ITGCs and / or audits.
• Excellent attention to detail and organizational skills are needed to effect change and prioritize deadlines.
• Able to work well under pressure and accustomed to project work with tight deadlines.
• Creative, self-starter, quick thinker, curious and dedicated individual who is eager to influence change within the organization.
• Strong analytical and problem-solving abilities, with demonstrated intellectual and analytical rigor.
• Team-oriented, collaborative, diplomatic and flexible.
• Strong written and verbal communication skills, strong interpersonal skills, and the ability to communicate effectively across regional and/or functional lines.
• Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools
• Ability to interact with external auditors and members of senior management to deliver expectations, scope, and communicate and interpret key audit priorities and issues, including PCAOB and AICPA trends
• Working knowledge of basic financial accounting, auditing, and financial reporting concepts
• Comfortable in working in highly iterative and somewhat unstructured environment
• Knowledge of and passion for media, entertainment, and technology industries (including key players, growth trends and drivers, new media models, industry structure, etc.)
• Subject matter expertise related to:
• IT General Controls
• SSAE 18 / SOC 1 / SOC 2
• Sarbanes-Oxley and PCAOB requirements
• IT risk assessment / operational IT audit
• IT Controls Frameworks (e.g., COBIT, ISO 27000, NIST)
• Significant experience & expertise in several of the following:
• Microsoft software products (Outlook, Excel, Word, PowerPoint, Visio, Access)
• GRC systems, preferably ServiceNow, SAP GRC and / or Onspring
• ERPs, preferably SAP and Oracle EBS
• Cloud systems, preferably AWS, Azure, Workday, Salesforce, Snowflake
• Infrastructure layer security, such as Active Directory, Unix, Windows, HANA, DB2, SQL, Oracle

The Nice to Haves
• Experience in media & entertainment.
• Familiarity with streaming and similar products/services .
• Experience working in a global company.
• Some visualization tool knowledge would be helpful (e.g., Power BI).
• Experience and involvement with implementing Identity Access Systems for an organization.
• Experience standing up a team and working for organization going through M&A

How We Get Things Done…

This last bit is probably the most

[more...]

Jobcode: Reference SBJ-r7wxm6-3-137-218-230-42 in your application.