SOX Internal Audit Senior

About The Position

Requirements

• Bachelor’s degree in accounting, audit, finance, information systems, or a related field.
• 5+years of progressive SOX, audit, or internal control experience, with demonstrated ability to independently lead assigned SOX areas in a complex environment.
• Strong working knowledge of COSO and COBIT frameworks and SOX scoping and testing methodologies.
• Technical knowledge in SOX and auditing business process applications.
• Proficiency with SOX GRC platforms, Microsoft Office tools, and data analysis or visualization solutions.
• Strong written and verbal communication skills, including the ability to clearly document conclusions and discuss control issues with stakeholders.
• Demonstrates the professional qualifications, technical knowledge, and judgment required complete SOX compliance activities in accordance with regulatory and Internal Audit standards.
• Independently plan, execute, and conclude assigned SOX processes in a complex environment, leveraging prior SOX and internal control experience to drive timely completion, high‑quality documentation, and effective issue identification.
• Maintain complete, accurate, and audit‑ready SOX documentation using approved GRC tools and Microsoft Office applications, and clearly communicate control conclusions, issues, and risks to stakeholders.

Nice To Haves

• CPA, CIA, CISA, CCSA, or CFE strongly preferred
• Previous experience in electric power generation, electric retail, or energy trading businesses strongly preferred.
• Proficient understanding of complex processes and controls in electric power generation, electric retail or energy trading businesses is desired.

Responsibilities

• Participate in and provide meaningful input into the annual financial statement risk assessment, including identification of key risks, in scope processes, and relevant controls.
• Serve as the primary SOX point of contact for assigned business processes, working directly with control owners to evaluate control design, execution, and sustainability.
• Independently perform and document SOX walkthroughs and testing, including assessment of design and operating effectiveness and clear articulation of conclusions and identified risks.
• Identify, evaluate, and document control deficiencies, including preliminary severity assessments and root cause analyses, and support remediation planning and tracking.
• Apply professional skepticism to challenge control design, execution, and evidence quality, escalating issues and risks as appropriate.
• Review SOC 1 reports for assigned service providers, identify relevant user entity controls, and assess the impact of control gaps on Vistra’s SOX program.
• Contribute to quarterly SOX status reporting for management and the Audit Committee, including testing progress, deficiencies, and remediation status.
• Maintain strong, collaborative relationships with business partners while ensuring SOX requirements are consistently met.
• Coordinate directly with external auditors for assigned processes, including walkthroughs, testing alignment, and resolution of SOX related questions. Maintain accurate and complete documentation within the SOX GRC system, including control narratives, risk assessments, testing results, and issue tracking in accordance with Vistra’s SOX methodology.
• Provide informal guidance and knowledge sharing to junior team members and assist with special projects or operational audits as needed.