The IT Compliance Manager will be responsible for maintaining the IT Risk Control Framework and Sarbanes-Oxley (SOX) IT General Controls (ITGC) across all divisions and various technology platforms, including SAP and JD Edwards ERP systems. The Manager must be familiar with the ITGC control framework, including assessing and testing all aspects of ITGC controls (Change Management, Logical Access, Program Development and Computer Operations) in all technology layers: Application, Database, Operating System and Network.
- Perform annual IT Risk Assessment including the following: identification of all systems supporting key financial processes; assessment of controls (general and application) for key financial systems; assessment and/or development of test procedures, including assessment of control testers.
- Maintain IT Risk Control Matrix to document all key financial systems, controls and testing procedures.
- Implement Workiva SOX for ITGC. Workiva is a web-based tool for SOX management to include IT Risk Control Matrix, ITGC Process Narratives, ITGC testing, issue evaluation and reporting.
- Coordinate and assist with testing and evaluating IT systems and controls for SOX compliance in a predominately SAP environment (testing and documentation in Workiva).
- Provide ITGC training and documentation as needed.
- Work with the IT teams and business units in remediating control deficiencies.
- Evaluate third-party SSAE 16 (SOC 1) reports for compliance with system control requirements.
- Make recommendations for enhancement of IT system controls and process improvements.
- Guide the project teams on IT risk and control / compliance requirements for new systems.
- Maintain timely and complete communications including identification of ITGC issues and exceptions.
- Serve as liaison to the external auditor for ITGC testing.
- Ability to work on multiple projects, balancing a mix of resources, due dates and requirements.
- Develop and foster effective relationships with operating company personnel.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. May perform other duties as assigned.
- Bachelor's degree (B.A.) from four-year college or university and 5-8 years related experience required, with a heavy emphasis on information systems and auditing.
- Big 4 IT Audit background is required.
- Certified Information Systems Auditor (CISA), Certified Public Accountant (CPA), Certified Internal Auditor (CIA), MBA preferred.
- Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases and ERP systems, SAP in particular.
- Understanding of IT control frameworks and standards such as COBIT.
- Managed IT general computing controls risk / SOX / compliance process including updates to the annual testing, test execution, review of test results, recommending solutions to gaps and addressing gaps with control owners.
- In-depth knowledge of business processes as well as process controls and risks, and an understanding of how these relate to the IT environment and audit procedures.
- Strong analytical and problem-solving skills.
- Self-motivated, displays professionalism and integrity.
- Exceptional written and oral communication skills.
- Ability to think creatively, be proactive and detail oriented.