Diverse Lynx
IT SOX Compliance Auditor
Diverse Lynx, Austin, Texas, US, 78716
Role: IT SOX Compliance Auditor
Location: Austin, TX
Duration: 12+ Months
Experience: 8+ Years
Role Description:
• Manage timely performance of control assessments and review of control supporting evidence as second line of defense.
• Actively assist in the annual IT Risk Assessment, including the following: identification of all systems supporting key financial processes; assessment of controls (general and application) for key financial systems; assessment and/or development of test procedures, including assessment of control testers.
• Maintain the IT Risk Control Matrix to document all key financial systems, controls and testing procedures.
• Ensure proper accounting of SOX documentation for ITGC, to include the IT Risk Control Matrix, ITGC Process Narratives, ITGC testing, issue evaluation and reporting.
• Identify opportunities and support automation in process and ITGC controls to improve efficiency.
• Support coordination and perform testing and evaluation of IT systems and controls for SOX compliance in a predominantly SAP environment.
• Support efforts for ITGC training and documentation as needed.
• Work collaboratively with the IT teams and business units in remediating control deficiencies.
• Evaluate third-party SSAE 18 (SOC 1) and/or SOC 2 reports for compliance with system control requirements.
• Make recommendations for enhancement of IT system controls and process improvements.
• Work on projects to implement IT risk and control / compliance requirements for new systems.
• Provide timely and complete communications within the IT department, Internal Audit and Compliance, including identification of ITGC issues and exceptions.
• Serve as liaison to internal and external auditors for ITGC testing and other compliance initiatives.
• Ability to work on multiple projects, balancing a mix of resources, due dates and requirements.
• Develop and foster effective working relationships within IT at each of the Divisions as well as with key Business, Internal Audit and Compliance personnel.
• Work collaboratively with necessary stakeholders and teams for GDPR compliance and implementation.
• Work closely with owners of the Access Control, Release Management, Change Management and Vendor Management processes to ensure compliance with the ITGC Framework.
• As assigned, perform review of assigned SDLC key control deliverables and advise Project Managers on SDLC risks and controls.
• Audit projects for SDLC and key control compliance.
• Besides the above responsibilities and duties, this position may be required to take on additional responsibilities as assigned.
Essential Skills: The IT and Information Security Compliance Staff Auditor will be responsible for supporting maintenance of the IT Risk Control Matrix, performing Sarbanes-Oxley (SOX) IT General Controls (ITGC) and Information Security compliance controls across all divisions and various technology platforms including SAP and other third-party hosted systems. Besides SOX, the IT and Information Security Compliance Staff Auditor may be assigned controls and required to perform tasks for other compliance programs like GDPR and regional statutory audit programs as necessary. The Staff Auditor must be familiar with the SOX ITGC control framework, COBIT, and NIST Cyber Security Framework, and with assessing and testing different aspects of Information Security and SOX ITGC controls.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
• Bachelor's or Master's Degree from a regionally accredited four-year college or university in Computer Science, Business, Accounting or related field and 5+ years of relevant experience in IT Audit/Compliance; or equivalent combination of education and experience.
• In-depth knowledge of business processes as well as process controls and risks, and an understanding of how this relates to the IT environment and audit procedures.
• Big 4 IT Audit background or experience at Fortune 100 companies (with SAP ERP) is a plus.
• One or more of the following is desired:
  o Certified Information Systems Auditor (CISA)
  o Certified Internal Auditor (CIA)
• Understanding of IT control frameworks and standards such as COBIT.
• Performed and led IT general computing controls risk / SOX / compliance process, including updates to the annual testing, test execution, review of test results, recommending solutions to gaps and addressing gaps with control owners.
• Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases and ERP systems.
• Experience with SAP's ECC, BW, SCM, PI/PO, TM and BOBJ applications and services.
• Experience with SAP's GRC Access Control tool along with Segregation of Duty (SOD) analysis and sensitive administrative T-Codes and privileged user access is a plus.
• Experience with project management.
• Proven experience in navigating complex organizations, creative problem solving and effective relationship management.
• Work collaboratively with cross-functional teams.
• Ability to translate complex technical topics into easy-to-understand concepts and the ability to manage escalations and communications.
• Strong verbal and written communication skills with ability to effectively communicate with peers and executive leadership.
• Strong leadership and time management skills. Specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.
Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.