About The Position

This role is positioned within the Technology, Data & Operations (TD&O) SOX Governance Team and serves as an ITGC subject matter expert, specifically concentrated on Identity & Access Management (IAM) and other logical security–related SOX controls. The primary objective is to ensure TD&O fulfills its responsibilities under SOX Sections 404 and 302 and FDICIA, acting as the connective layer between TD&O internal technology teams, SOX Program Management (including internal SOX auditors), and External SOX auditors. This makes the role a blend of IT risk governance, audit liaison, and control oversight—requiring both technical fluency and strong governance/reporting abilities.

Requirements

  • Bachelor’s degree in Business, Finance, Communications or equivalent education and related training.
  • Eight to twelve years of financial services or risk management experience, and/or equivalent education, training and experience.
  • Strong interpersonal and relationship management skills with ability to interact and communicate within all levels of organization, across functions, and within public sector/governmental agencies.
  • Strong analytical, cognitive, conceptual, critical thinking and organizational skills.
  • Demonstrated leadership, communication (verbal and written), presentation and facilitation skills.
  • Demonstrated planning ability with demonstrated judgment, problem-solving and decision-making skills.
  • Demonstrated proficiency in basic computer applications, such as Microsoft Office software products.
  • Fluency in English (required).

Nice To Haves

  • Seven plus years of experience auditing SOX 404 / 302 ITGC controls, particularly within logical security and Identity & Access Management (IAM).
  • Working knowledge of IAM concepts such as provisioning, de‑provisioning, role-based access, privileged access management (PAM), authentication/authorization mechanisms, and access review processes.
  • Hands-on or oversight experience with IAM platforms (e.g., SailPoint, Active Directory / Azure AD, CyberArk, etc.).
  • Experience supporting or executing ITGC walkthroughs, control testing, or evaluating IT control deficiencies.
  • Familiarity with SOC 1 / SOC 2 reporting and related control environments.
  • Understanding of IAM technologies (e.g., SailPoint, Active Directory, PAM tools)
  • Ability to identify control gaps or deficiencies

Responsibilities

  • Understand and apply IT general controls, particularly in areas such as provisioning, de-provisioning, access reviews, privileged access, authentication methods, and system access governance.
  • Evaluate emerging risks, control failures, and design opportunities.
  • Translate technical problems into SOX impact assessments.
  • Recommend feasible, risk-based remediation strategies.
  • Support control owners in designing sustainable control improvements.
  • Contribute to or own routine SOX reporting cycles, including executive-level updates, committee reporting, and escalation of emerging or systemic risks.
  • Coordinate with internal/external auditors on ITGC walkthroughs.
  • Manage evidence requests.
  • Clarify process or control questions.
  • Help drive consistent messaging across technology teams.
  • Document issues/deficiencies.
  • Develop remediation plans.
  • Track progress and ensure timely closure.
  • Provide SOX and IT risk perspective when new technology initiatives launch, system changes are made, or IAM or security processes are redesigned.
  • Provide coordination, effective challenge and robust independent oversight of policies, limits, and committees to drive effective governance structures and requirements to effectively manage and mitigate risks within assigned business units and support alignment with the overall corporate strategy.
  • Provide consultative leadership and develop working relationships across assigned business units and committees to drive the implementation and execution of a multi-level governance document structure and comprehensive inventory for all defined governance materials.
  • Support and contribute to the design, implementation, and execution of comprehensive, forward-looking and risk-based frameworks, processes, and systems for prioritizing, structuring, reviewing and approving governance materials throughout the company.
  • Support the monitoring and execution of risk governance policies and procedures to establish defined processes, clear roles and responsibilities, and effective challenge routines.
  • Identify and monitor risk governance exceptions, issues, and emerging trends across assigned business units and committees to drive their remediation, acceptance, or escalation to governing bodies.
  • Document the governance and reporting program including methodologies, processes and procedures, report writing, conventions for consistently vetting and documenting findings and working papers.
  • Lead the development and maintenance of processes and procedures to ensure the accuracy of the reports produced by the team.
  • Evaluate control weakness or key indicators exceeding risk limits and perform root cause analysis.
  • Build a working knowledge of the business unit's strategic plan, key objectives, risk appetite statement, and RSCA process to understand the risks identified and controls applied to mitigate them in order to execute ad hoc risk management initiatives and controls testing.
  • Assist in the detection of emerging and/or under recognized risks.
  • Conduct data aggregation to support the risk appetite framework and quarterly profile, including KRIs and ongoing risk identification.
  • Assist business leaders in development of RAF metrics and thresholds.
  • Generate content for regular management and risk program governance committees.
  • Facilitate Risk Committee and other risk committee/working groups.
  • Demonstrate Truist’s risk culture.

Benefits

  • medical
  • dental
  • vision
  • life insurance
  • disability
  • accidental death and dismemberment
  • tax-preferred savings accounts
  • 401k plan
  • 10 days of vacation
  • 10 sick days
  • paid holidays

What This Job Offers

Job Type

Full-time

Career Level

Senior

Number of Employees

5,001-10,000 employees
