Sr. Lead Analyst – SOX IT Governance

About The Position

Requirements

• Bachelor’s degree in Information Systems, Accounting, Finance, or related discipline.
• Minimum 5 years of experience in SOX, IT audit, IT risk management, internal controls, or a related risk/control discipline.
• Strong knowledge of SOX, ICFR, COSO, PCAOB, and IT control frameworks (e.g., COBIT, NIST).
• Demonstrated experience performing or reviewing IT control design assessments, including ITGCs and application controls.
• Strong analytical, communication, and collaboration skills.

Nice To Haves

• Experience with GRC tools, automation, or data analytics preferred.
• CISA, CPA, or CIA preferred.

Responsibilities

• SOX IT Program Governance Support Support execution of SOX IT governance processes, including program documentation, governance materials, and program reporting for IT General Controls and application controls. Assist in coordinating cross‑functional discussions with IT and business stakeholders, compiling program updates, and preparing materials for senior leaders and governance committees. Contribute subject matter insights to strengthen SOX IT methodology, documentation standards, and oversight routines.
• Test of Design (TOD) Execution & Expertise Lead and perform complex Test of Design evaluations for SOX IT controls across infrastructure, applications, and key supporting systems. Review IT control narratives, walkthroughs, and documentation to ensure accuracy, clarity, and alignment with SOX IT program standards. Provide guidance to IT control owners and testers on improving control design, documentation practices, and technology risk mitigation approaches.
• Risk Assessment & Scoping Support Perform detailed analysis to support the annual and periodic SOX IT risk assessment and scoping process. Evaluate significant IT systems, applications, interfaces, and supporting processes using quantitative and qualitative criteria. Identify emerging technology risks and recommend updates to SOX IT scope based on changes in platforms, data flows, system implementations, or regulatory expectations.
• Testing & Issue Management Coordination Monitor SOX IT control testing progress and review testing results for completeness and consistency with program methodology. Partner with IT testing teams, internal stakeholders, and control owners to support accurate evaluation of IT control deficiencies. Support the remediation lifecycle by validating corrective actions and ensuring alignment with SOX, ICFR, and IT control framework expectations.
• Reporting, Metrics & Analytics Prepare dashboards, metrics, and SOX IT program status reports using GRC tools and data analytics. Summarize trends, recurring issues, and insights related to IT controls to support leadership decision‑making. Assist in preparing materials for governance committees, external auditors, and internal stakeholders.
• Continuous Improvement & Automation Identify opportunities to streamline SOX IT processes, enhance documentation quality, and support automation or analytics initiatives related to IT controls. Contribute to tool enhancements, process redesign activities, and pilot initiatives focused on improving SOX IT program efficiency and effectiveness.
• Training & Communication Support Assist in developing SOX IT training content for IT control owners, testers, and other stakeholders. Support delivery of training and awareness activities to promote understanding of SOX IT requirements, program updates, and control documentation expectations. Develop clear communications that enable consistent execution of SOX IT controls across technology and business areas.