IT SOX Senior Manager

• Drive the implementation and evolution of our IT SOX testing program (ITGCs, ITACs, etc.) with a focus on our cloud-native environment.
• Partner with key stakeholders across Finance to ensure SOX testing coverage is complete between business process and technology controls.
• Plan, execute, and review control testing (Design & Operating Effectiveness) for Access Management, Change Management, and other IT controls across our cloud infrastructure and SaaS landscape.
• Effectively support and constructively challenge Engineering teams on their journey to mature our risk and control environment, providing guidance throughout the remediation process for identified control deficiencies.
• Leverage data analytics and automation to assess control design and operating effectiveness.
• Collaborate with key stakeholders (Security, Finance, Risk) to develop KRIs for measuring and monitoring control performance on a continuous basis.
• Actively mentor testing staff to develop skills and knowledge within the Security Controls team.
• Provide training and advisory support to control owners across the organisation to maintain compliance with SOX 404 requirements.

Do you have experience in Terraform?, * You possess deep knowledge of SOX 404 requirements, COSO framework, and IT control frameworks (NIST, ISO27001). You understand how compliance frameworks map to dynamic infrastructures.

• You have 8+ years of experience in Technology Risk or IT Audit, with a dedicated focus on SOX. You have demonstrable experience with first-time SOX audits in cloud-native environments.
• You understand how Change Management works in a CI/CD pipeline and how Access Management works in a microservices architecture.
• You are comfortable validating controls within our specific tooling environment. Experience with AWS, Terraform, GitHub, Jira, Okta, and SailPoint is preferred.
• You are driven to modernize testing methodologies, utilizing data analytics and automation to reduce reliance on manual processes and enhance control coverage.
• You work well in a cross-functional environment. You can articulate complex control findings to engineers and explain complex technical risks to finance stakeholders.