Specialist IT SOX and SAP GRC Compliance

Amgen · Manchester, NH
$109,064 - $147,558

About The Position

Join Amgen’s Mission of Serving Patients

At Amgen, if you feel like you’re part of something bigger, it’s because you are. Our shared mission, to serve patients living with serious illnesses, drives all that we do. Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas (Oncology, Inflammation, General Medicine, and Rare Disease), we reach millions of patients each year. Amgen is advancing a broad and deep pipeline of medicines to treat cancer, heart disease, inflammatory conditions, rare diseases, and obesity and obesity-related conditions.

As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller, happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lie within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career.

In this vital role, you will support the integrity, accuracy, and compliance of key reports and SAP GRC controls relied upon for SOX processes, helping ensure strong financial and IT control environments across the organization.

Requirements

  • Doctorate degree OR Master’s degree and 2 years of Information Security experience OR Bachelor’s degree and 4 years of Information Security experience OR Associate’s degree and 8 years of Information Security experience OR High school diploma / GED and 10 years of Information Security experience
  • Experience with ERP systems is a must (SAP S/4HANA, Oracle, Workday, PeopleSoft).
  • Ability to review queries, scripts, or logic (ABAP, SQL, Python preferred).
  • Experience with using the Alteryx tool or other similar tools (e.g., Python, Oracle SQL Developer, etc.).
  • Understanding of data flows, access controls, and change management.
  • Strong analytical and problem-solving skills.
  • Attention to detail and excellent documentation skills.
  • Ability to translate technical logic into business control language.
  • Effective communication with IT, Finance, and Audit teams.
  • Ability to manage multiple priorities under tight timelines.

Nice To Haves

  • ServiceNow IRM experience.
  • Prior policy exception, audit, and service management experience.
  • Attention to detail: Ensure accuracy and thoroughness in policy exception and audit preparation.
  • Adaptability: Adjust to changing regulatory requirements and security threats.
  • Service orientation: Focus on stabilizing and enhancing the quality of security services.
  • Collaboration: Work effectively with cross-functional teams, inform and educate stakeholders, and build strong relationships with stakeholders.
  • Ability to independently manage priorities and meet deadlines in a fast-paced, virtual team environment.
  • Superb communication, organization, and planning skills.
  • Technical curiosity with strong logical, problem-solving, and decision-making skills.
  • Driven and thorough, with the ability to deal with complexity and ambiguity.
  • Working experience in an Agile or DevOps environment.
  • Must be team-oriented, placing priority on the successful completion of team goals.
  • Practical knowledge of information security standards and frameworks such as ISO 27001/27002, NIST, and others.
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)
  • SANS Global Information Assurance Certifications (GIAC)
  • Experience and knowledge in financial controls and reporting will be an added advantage.
  • Big 4 IT Audit or SOX advisory experience is an advantage.
  • Experience with other systems such as Anaplan and Model N is an advantage.
  • Experience with GRC tools such as AuditBoard is an advantage.
  • Experience with IT asset management tools, such as ServiceNow, is an advantage.

Responsibilities

  • Serve as a key contributor to the SOX Key Reports program, supporting reports relied upon for SOX controls.
  • Perform detailed technical analysis of report logic, including code, queries, scripts, and data transformations, to understand how reports are generated.
  • Validate report completeness and accuracy by reconciling report outputs to source systems and underlying data.
  • Assess report logic and calculations to confirm alignment with control objectives and SOX requirements.
  • Partner with system owners and developers to review report design, logic, and dependencies.
  • Review and understand the custom-developed and configurable code (e.g., SAP ABAP, SQL scripts, Oracle, Workday, custom financial systems) and annotate code logic.
  • Perform report tie-outs between the report provided by the process owner and the independently generated output derived from code or query review.
  • Recreate report outputs using reviewed SQL queries, application logic, or ERP report code to validate accuracy.
  • Reconcile record counts, key data fields, and financial totals between the process owner’s report and the code-generated output.
  • Confirm report logic, parameters, and date ranges used by the process owner align with the underlying code reviewed.
  • Verify that no manual manipulation or post-extraction adjustments were applied to the report after system generation.
  • Investigate, document, and resolve variances identified during tie-outs, ensuring explanations are reasonable, supported, and appropriately approved.
  • Analyze and interpret technical artifacts such as SQL queries, stored procedures, ETL logic, and application code as needed.
  • Identify gaps, defects, or risks related to report logic, data integrity, or system changes.
  • Support remediation activities when report logic or outputs do not meet SOX expectations.
  • Ensure key reports meet SOX documentation and testing requirements, including report completeness, accuracy, and change management controls.
  • Support internal and external audits by providing technical explanations, reconciliations, and evidence related to SOX key reports.
  • Partner with SOX, compliance, and audit teams to respond to audit inquiries and testing requests.
  • Participate in walkthroughs and auditor inquiries.
  • Support remediation efforts and re-testing.
  • Support the design, implementation, and effectiveness of SAP GRC SOX ITGC controls (Logical Access, SoD, Emergency Access).
  • Assist in establishing and maintaining control frameworks, standards, and procedures aligned with SOX and company policies.
  • Support governance of SAP GRC processes, including Access Request, Risk Analysis, Role Management, and Emergency Access.
  • Collaborate on SoD ruleset management and user access lifecycle activities, ensuring alignment with least privilege and role-based access principles.
  • Support execution of key controls such as normal and critical role reviews, privileged access monitoring, and issue remediation.
  • Partner with IT Security, Basis, and application teams to ensure proper implementation of security controls within SAP environments (ECC, S/4HANA, and other integrated systems).
  • Partner with Internal and External Audit teams to support audit readiness and ensure quality of supporting evidence.
  • Assist in remediation efforts, including root cause analysis and implementation of corrective actions.
  • Contribute to continuous improvement, automation, and stakeholder alignment across IT, Security, and business teams.

Benefits

  • A comprehensive employee benefits package, including a Retirement and Savings Plan with generous company contributions, group medical, dental and vision coverage, life and disability insurance, and flexible spending accounts
  • A discretionary annual bonus program, or for field sales representatives, a sales-based incentive plan
  • Stock-based long-term incentives
  • Award-winning time-off plans
  • Flexible work models where possible.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees