IT Controls Lead - Global Financial Controls

About The Position

Requirements

• 8-10+ years of experience in SOC reporting, IT audit, IT risk, or control testing
• Deep expertise in: SOX, SOC 1 and SOC 2 frameworks
• ITGCs, ITACs, and business process controls
• Control design and operating effectiveness testing
• Demonstrated experience performing or overseeing end-to-end control testing.
• Ability to challenge testing approaches and auditor conclusions with strong technical rationale.
• Strong understanding of technology environments and data flows supporting control execution.
• Exceptional written and verbal communication skills.

Nice To Haves

• Prior Big 4 experience (SOC reporting or IT audit)
• Experience in financial services / regulated environments
• Direct involvement in: SOC report drafting and review
• Management assertions and auditor language
• Familiarity with SOX, COSO, NIST, and ITGC frameworks
• Professional certifications: CPA, CISA, CISSP

Responsibilities

• Serve as a senior subject matter expert for SOX and SOC governance, including scoping strategy, control advisory, and reporting standards.
• Establish and maintain control inventories, risk mappings, and report structures.
• Define expectations for control descriptions, frequency, evidence quality, and audit defensibility across the program.
• Evaluate system, process, and organizational changes for potential impact.
• Perform and/or oversee independent testing of IT General Controls (ITGCs) (access management, change management, computer operations, etc.) and IT Application Controls (ITACs) and automated controls.
• Evaluate both control design and operating effectiveness, including sampling methodologies and population completeness, evidence inspection and re-performance where required, validation of system-generated reports and data dependencies.
• Identify, document, and evaluate control exceptions, including root cause and risk implications.
• Provide authoritative interpretation of SOX/SOC standards, AICPA guidance, and auditor expectations.
• Define and challenge testing approaches, population scoping, and evidence sufficiency.
• Assess complex or ambiguous scenarios and determine impact on SOC control objectives, Report disclosures, Auditor conclusions, etc.
• Coordination with Audit Services and Technology Risk & Control.
• Act as a primary counterpart to external auditors (e.g., KPMG).
• Lead or oversee walkthroughs, testing discussions, and issue resolution.
• Review and challenge auditor testing procedures and sampling approaches, identified exceptions and proposed conclusions, and draft SOC report language and disclosures.
• Oversee SOC and SOX related issues, including exceptions and control deficiencies.
• Evaluate whether audit findings, technology risks, or control failures impact external reporting.
• Advise management on risk-based remediation strategies and prioritization.
• Ensure management responses are clear, accurate, and audit-ready.
• Align SOC, SOX and ITGC testing approaches to create consistency in control narratives, testing methodologies, and evidence expectations.
• Resolve discrepancies in control interpretation or testing outcomes.
• Support broader control environment rationalization and standardization.
• Influence senior stakeholders and control owners without formal authority.
• Provide guidance on control design improvements, evidence expectations, and testing readiness.
• Translate complex technical and audit issues into clear executive-level messaging.
• Identify opportunities to strengthen control design and completeness risk coverage.
• Stay current on SOC guidance, IT control testing practices, and regulatory expectations.

Benefits

• retirement benefits (401k and pension)
• health and welfare benefits (medical, dental, vision, spending accounts and disability)
• paid time off
• parental and caregiver leave
• life & accident insurance
• other voluntary and well-being benefits
• discretionary bonus program that may include an equity component