Sr. IT Internal Controls Analyst

About The Position

Requirements

• Bachelor’s degree in Information Technology, Information Security, Computer Science, Business, Accounting, or related field.
• At least 3 years of experience in IT internal controls, external audit, internal audit, or a related role.
• Experience designing, implementing, and/or testing IT general controls (i.e., SDLC, change management, access management, and interfaces/integrations).
• Familiarity with using modern GRC tools to effectively manage IT internal control execution and testing
• In-depth understanding of IT General Controls (i.e., Change Management, Access, IT Operations), SDLC, and application controls
• Knowledge of SOX audit scoping, testing, and sampling methodologies
• Experience developing and maintaining IT internal control documentation (e.g., risk control matrices, narratives, process flow diagrams, etc.)
• Familiarity with SOC 1 report reviews and documenting complementary user entity controls
• Knowledgeable on managing and mitigating segregation of duties violations
• Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood
• Strong analytical, problem solving, and critical thinking skills, including the ability to anticipate issues and to design appropriate solutions
• Detail and deadline oriented, with the ability to tackle multiple tasks and priorities simultaneously
• Proficient with Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint, Visio)

Nice To Haves

• CISA, CISSP, CIA, CPA, CRISC, or CISM
• Experience designing SAP controls
• Experience using AuditBoard SOXHUB module
• Experience configuring and deploying modern GRC tools
• Experience auditing or consulting for a Big 4 firm
• Advanced skills in Excel and data analytical tools.

Responsibilities

• Support all aspects of IT compliance with internal control requirements, including designing, implementing, documenting, and testing IT controls and processes.
• Collaborate with IT, finance, and other cross-functional teams to identify and document key IT controls and processes that are subject to compliance.
• Create and maintain IT controls environment documentation (e.g., process flows, narratives, control matrices, role security matrices, etc.) by conducting walkthroughs, identifying relevant information, and documenting key details.
• Assess the impact of new business initiatives, system implementations, and IT policy changes on the IT internal controls environment.
• Provide guidance and training to support compliance.
• Conduct regular assessments and audits of IT internal controls to ensure compliance with requirements and identify any potential compliance risks or issues.
• Identify control gaps, evaluate risk, and develop corrective action plans to address deficiencies, enabling sustainable control processes.
• Develop and implement IT compliance policies, procedures, and guidelines to ensure adherence to regulations and industry standards.
• Support the timely delivery of necessary documentation and evidence to internal and external auditors.
• Support the selection, configuration, and adoption of GRC tools to facilitate IT internal controls initiatives.
• Execute or facilitate the execution of IT internal controls activities, where applicable.
• Suggest efficiencies and continuous improvement opportunities related to the IT internal controls program.
• Provide training on IT internal controls, as needed.
• Collaborate with cross-functional teams to develop, implement, and remediate IT internal controls.
• Monitor and report on control effectiveness and other program key performance indicators via metrics and dashboards.
• Stay current on changes to the IT internal controls regulatory environment and their impact to Medline.

Benefits

• health insurance
• life and disability
• 401(k) contributions
• paid time off
• Employee Assistance Program
• Employee Resource Groups
• Employee Service Corp