IT Control Analyst – ICFR

About The Position

Requirements

• Bachelor’s degree in Accounting, Information Systems, Finance, or a related field.
• Typically 3-5+ years of experience in IT audit, IT controls, or risk management, with exposure to SOx environments or public accounting.
• Technical Knowledge Working knowledge of SOx, COSO, and COBIT frameworks.
• Foundational understanding of IT environments, including infrastructure, cloud technologies, and information security concepts.
• Familiarity with control walkthroughs, testing techniques, and audit documentation standards.
• Analytical Skills: Ability to analyze control designs, identify risks, and assess operating effectiveness.
• Communication: Clear written and verbal communication skills, with the ability to explain control concepts to non-technical stakeholders.
• Execution Focus: Strong attention to detail, ability to manage multiple testing activities, and meet deadlines in a structured environment.
• Collaboration: Comfortable working as part of a team and engaging constructively with stakeholders at various levels.

Nice To Haves

• CA, CPA, CISA, or progress toward a relevant professional certification is considered an asset.
• Experience using audit or GRC tools is an asset.
• Experience in insurance, financial services, or other regulated industries.
• Exposure to ERP systems (such as SAP), key financial applications, or system implementations.
• Awareness of IT automation, data analytics, or emerging technologies as they relate to controls and audit.
• Prior experience supporting external audit engagements.

Responsibilities

• Execute IT Control Assessments Conduct thorough evaluations of IT General Controls (ITGCs) and IT Application Controls (ITACs) to support ICFR and SOx compliance.
• Lead walkthroughs and facilitate control testing in collaboration with business units, IT teams, and external auditors.
• Apply internal control testing methodologies consistent with SOx, COSO, and COBIT frameworks.
• Ensure clear documentation of control design and operating effectiveness, adhering to internal standards.
• Support Continuous Improvement Assess control effectiveness and identify gaps or opportunities for enhancements.
• Assist with root cause analysis for control deficiencies and contribute to remediation tracking and validation.
• Partner with process and control owners to strengthen the internal control environment and enhance sustainability of controls.
• Remain informed about emerging IT risks, regulatory expectations, and industry best practices relevant to ICFR.
• Collaboration and Stakeholder Engagement Liaise with external auditors to facilitate coordination of walkthroughs and testing activities.
• Build strong working relationships with cross-functional stakeholders across IT, Finance, and Risk.
• Communicate testing results, issues, and observations clearly and professionally to management.
• Quality and Professional Development Maintain high standards for documentation quality, accuracy, and timeliness.
• Contribute to knowledge sharing, standardization, and continuous improvement initiatives within the ICFR team.
• Proactively develop technical and professional skills through on-the-job learning and training opportunities.