Senior SOX IT Analyst

About The Position

Requirements

• Bachelor’s degree preferred in a technical field (e.g., Cybersecurity, Information Technology) or equivalent combination of education, training, and relevant experience
• 5+ years of relevant work experience in public accounting, internal auditing, and/or in SOX industry experience. Technology or Software industry experience preferred
• Hands-on experience executing and managing cybersecurity assessments in a heavily regulated industry, including writing, documenting, and assessing risks/controls and drafting business process summaries for executives
• Strong IT & security risk domain knowledge of technology and cybersecurity best practices, principles, tools, and industry control frameworks (e.g., SOX, GLI, NIST CSF, SOC2, PCI, CIS Critical Controls, COBIT, ITIL, CMMI)
• Experience with designing testing approaches for ITGCs, ITACs, Interface Monitoring and related supporting controls
• Understand the ITGC relationship with financial reporting to properly scope a SOX environment
• “Anything Is Possible” attitude that is highly organized and results-driven to solve our most important challenges
• Comfortable navigating shifting priorities in a fast-paced environment, with the ability to work independently with minimal supervision while also as an exceptional team player that excels at cultivating relationships and promoting collaboration and cohesiveness to fulfill our “We Are One Team” principle
• Ability to translate risk/control standards into functional business requirements
• Strong written and verbal communication skills to articulate risk/control insights to both technical and non-technical stakeholders
• Proficient working with Google suite, GRC and project management tools (e.g., JIRA, AuditBoard, Netsuite)
• “Stay Hungry, Stay Humble” mindset that strives to continuously learn and share new skills with others, and embraces a steep learning curve to understand our business and technology drivers to get the job done
• Travel domestically and internationally if required.

Nice To Haves

• Relevant professional certifications such as CISA, CISSP, CPA, CISM, or CRISC are preferred
• Strong preference for candidates based in Boston, New York City, and Chicago

Responsibilities

• Liaise with the SOX Testing team (Internal Audit) and key stakeholders to ensure Flywire’s overall compliance with SOX Section 404 requirements.
• Collaborate with various teams for all matters related to SOX IT General Controls (ITGC)
• Respond to inquiries and escalations related to SOX ITGCs from internal and external auditors, ensuring timely resolution and clear communication
• Work in lockstep with SOX team to ensure scope alignment and audit support
• Drive efforts to improve SOX IT scoping strategies, develop a comprehensive understanding of applicable IT and business processes, and support the maintenance of integrated IT and business process, risk and control framework documentation
• Consult on the control design and implementation of required and repeatable ITGCs with process owners to meet regulatory requirements, including for new products, processes and system implementation launches ensuring appropriate internal controls are in place prior to launch
• Create and improve SOX ready documentation (e.g., narratives, flow charts, IT process & control descriptions)
• Evaluate and track reported control deficiencies, root causes, and planned correctiveactions in conjunction with IT and business process owners to ensure timely and accurate resolution
• Contribute to regular reports to senior leadership, and other stakeholders on the status of SOX IT compliance, control issues, and remediation progress
• Strive to continuously improve the SOX program to be more efficient and effective through optimization and automation:
• Support the stand up of a continuous controls monitoring tool by ensuring SOX ITGC requirements are defined and in place to enable SOX readiness including automated ITGC evidence gathering and testing efforts
• Support the integration of IT SOX controls with broader compliance initiatives, including PCI DSS, SOC2, and other regulatory requirements as needed
• Serve as a subject matter expert on SOX ITGCs and provide guidance on ITGC-related matters thru cross functional discussions and workshops to foster a proactive risk management culture and alignment with SOX requirements and company objectives
• Support training and communications as needed on relevant IT general control practices for the technology & cyber community
• Stay abreast of evolving technology & cyber threats, news, and trends to enhance risk and control management strategies
• Assist with special risk assessment and department initiatives, as assigned
• Maintain procedures, playbooks, virtual webpages, and metrics dashboards surrounding SOX ITGC effectiveness

Benefits

• Competitive compensation, including Restricted Stock Units
• Employee Stock Purchase Plan (ESPP)
• Flying Start - Our immersive Global Induction Program (Meet our Execs & Global Teams)
• Work with brilliant people that will keep you on your toes, learn more about their journeys by checking out #InsideFlywire on social media
• Dynamic & Global Team (we have been collaborating virtually for years!)
• Wellbeing Programs (Mental Health, Wellness, Yoga/Pilates/HIIT Classes) with Global FlyMates
• Competitive time off including FlyBetter Days to volunteer in your community and Digital Disconnect Days!
• Great Talent & Development Programs (Managers Taking Flight – for new or aspiring managers!)