Sr. Lead Analyst – SOX IT Governance

KeyBankBrooklyn, OH
16d$80,000 - $150,000Hybrid

About The Position

The Sr. Lead Analyst – SOX IT Governance serves as a key subject matter expert within the Financial Risk Governance team, supporting the execution, monitoring, and continuous improvement of the Bank’s Sarbanes‑Oxley (SOX) IT controls program. This role contributes advanced analytical and technical expertise to SOX IT governance activities, leads and performs complex Test of Design evaluations for IT General Controls (ITGCs) and application controls, and helps enhance the quality and consistency of SOX IT processes. The Sr. Lead Analyst collaborates with IT, business, risk, and audit stakeholders to ensure adherence to ICFR, COSO, PCAOB, and applicable IT control frameworks, while supporting leadership in strengthening the Bank’s IT control environment and governance practices.

Requirements

  • Bachelor’s degree in Information Systems, Accounting, Finance, or related discipline.
  • Minimum 5 years of experience in SOX, IT audit, IT risk management, internal controls, or a related risk/control discipline.
  • Strong knowledge of SOX, ICFR, COSO, PCAOB, and IT control frameworks (e.g., COBIT, NIST).
  • Demonstrated experience performing or reviewing IT control design assessments, including ITGCs and application controls.
  • Strong analytical, communication, and collaboration skills.

Nice To Haves

  • Experience with GRC tools, automation, or data analytics preferred.
  • CISA, CPA, or CIA preferred.

Responsibilities

  • SOX IT Program Governance Support Support execution of SOX IT governance processes, including program documentation, governance materials, and program reporting for IT General Controls and application controls. Assist in coordinating cross‑functional discussions with IT and business stakeholders, compiling program updates, and preparing materials for senior leaders and governance committees. Contribute subject matter insights to strengthen SOX IT methodology, documentation standards, and oversight routines.
  • Test of Design (TOD) Execution & Expertise Lead and perform complex Test of Design evaluations for SOX IT controls across infrastructure, applications, and key supporting systems. Review IT control narratives, walkthroughs, and documentation to ensure accuracy, clarity, and alignment with SOX IT program standards. Provide guidance to IT control owners and testers on improving control design, documentation practices, and technology risk mitigation approaches.
  • Risk Assessment & Scoping Support Perform detailed analysis to support the annual and periodic SOX IT risk assessment and scoping process. Evaluate significant IT systems, applications, interfaces, and supporting processes using quantitative and qualitative criteria. Identify emerging technology risks and recommend updates to SOX IT scope based on changes in platforms, data flows, system implementations, or regulatory expectations.
  • Testing & Issue Management Coordination Monitor SOX IT control testing progress and review testing results for completeness and consistency with program methodology. Partner with IT testing teams, internal stakeholders, and control owners to support accurate evaluation of IT control deficiencies. Support the remediation lifecycle by validating corrective actions and ensuring alignment with SOX, ICFR, and IT control framework expectations.
  • Reporting, Metrics & Analytics Prepare dashboards, metrics, and SOX IT program status reports using GRC tools and data analytics. Summarize trends, recurring issues, and insights related to IT controls to support leadership decision‑making. Assist in preparing materials for governance committees, external auditors, and internal stakeholders.
  • Continuous Improvement & Automation Identify opportunities to streamline SOX IT processes, enhance documentation quality, and support automation or analytics initiatives related to IT controls. Contribute to tool enhancements, process redesign activities, and pilot initiatives focused on improving SOX IT program efficiency and effectiveness.
  • Training & Communication Support Assist in developing SOX IT training content for IT control owners, testers, and other stakeholders. Support delivery of training and awareness activities to promote understanding of SOX IT requirements, program updates, and control documentation expectations. Develop clear communications that enable consistent execution of SOX IT controls across technology and business areas.
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service