Senior IT Analyst - Global Financial Controls

About The Position

Requirements

• 5+ years of experience in SOC/SOX reporting, IT audit, IT risk, or control testing roles.
• Strong knowledge of: SOC 1 and SOC 2 frameworks.
• IT General Controls (ITGCs) and IT Application Controls (ITACs).
• Control design and operating effectiveness testing.
• Demonstrated experience performing or overseeing control testing procedures.
• Experience working with external auditors in a SOC or IT audit environment.
• Ability to assess and articulate control deficiencies and SOC impact in a clear, defensible manner.
• Strong written and verbal communication skills.

Nice To Haves

• Experience in financial services or another highly regulated industry
• Prior Big 4 audit or advisory experience (SOC/SOX/ IT audit preferred)
• Familiarity with related frameworks (SOX, COSO, NIST)
• Experience with automated controls, data interfaces, and reconciliation platforms
• Professional certifications (preferred): CPA, CISA, CISSP

Responsibilities

• Support the governance and execution of SOC 1 and SOC 2 reports, including scope definition, control mapping, and reporting timelines.
• Maintain SOC control inventories, risk-control mappings, and supporting documentation.
• Ensure SOC descriptions, assertions, and control language are accurate, consistent, and aligned to actual operating practices.
• Evaluate changes in systems, processes, or products for potential SOX and SOC impact.
• Perform independent testing of IT General Controls (ITGCs), including, Access management (provisioning, deprovisioning, recertifications), Change management (SDLC, migrations, approvals), Computer operations (job monitoring, incident management, backups), etc.
• Execute testing of business process controls and IT application controls (ITACs) within the SOC control framework.
• Assess design and operating effectiveness, including, Sampling, evidence inspection, and re-performance where applicable and Validation of key reports and system-generated data used in control execution.
• Identify control exceptions, articulate root causes, and assess impact to SOC & SOX objectives.
• Act as a key liaison with external auditors (e.g., KPMG) for planning, walkthroughs, and testing activities.
• Coordinate walkthroughs and testing across stakeholders and control owners.
• Review auditor testing approaches, requests, and results to ensure clear alignment with control intent and accurate population scoping and completeness.
• Challenge and validate auditor observations where needed to ensure defensible conclusions.
• Track SOC-related issues, testing exceptions, and management actions through remediation.
• Evaluate the impact of audit findings, technology risk issues, and control failures on SOC reports.
• Support development of clear, audit-ready management responses.
• Validate remediation effectiveness and closure of control deficiencies.
• Work closely with Technology, Information Security, Operations, and Risk teams to obtain and validate control evidence and clarify control responsibilities and execution expectations.
• Provide training and guidance to control owners on control design, evidence requirements, and audit readiness.
• Prepare clear, concise reporting for senior management and governance forums.
• Identify opportunities to improve control design, testing efficiency, and evidence quality.
• Standardize testing approaches across SOC, SOX, and internal audit frameworks.
• Stay current on SOC standards, AICPA guidance, and leading practices in IT control testing.

Benefits

• retirement benefits (401k and pension)
• health and welfare benefits (medical, dental, vision, spending accounts and disability)
• paid time off
• parental and caregiver leave
• life & accident insurance
• other voluntary and well-being benefits
• discretionary bonus program that may include an equity component