Deep understanding of SOX IT General Controls (Logical Access, Change Management, Computer Operations, SDLC)
Proven track record of design and implementation of IT Processes, Controls and Solutions that ensure adherence to ITGC best practices
Deep understanding of IT Logical Access best practices, processes and Policies
Ability to rationalize and optimize complex logical access security implementations
Participates in planning and scoping of ITGC automated application controls
Leads technology walkthroughs with business stakeholders for ITGC logical access controls and assesses the effectiveness of the processes and controls (Tests of Design)
Documents and presents opportunities for improvement
Ensures Logical Access models for applications align with business need
Ability to generate a detailed business requirements document detailing the features/functions/process required of a new logical access platform
Identifies and documents IT security risks and opportunities for improvement within the Logical Access domain
Reviews and assesses impact from issues raised by various partners, both internal and external related to the Logical Access Domain
Solves problems and completes work to meet critical deadlines
Conducts root cause analysis, compensating and mitigating controls, and impact analysis
Conducts interviews, analyzes data, and formulates recommendations to mitigate identified deficiencies and improve the overall logical access control environment
Qualifications
Bachelor's degree in Management Information Systems, Business Information Systems, Computer Science, Accounting,
Minimum of 3 years of experience in IT External Audit, IT Internal Audit,
Experience designing and testing SOX ITGC, including segregation of duties assessment, identification and analysis of risks and evaluating controls effectiveness
Understanding of the COBIT, SOX, 2013 COSO framework, financial reporting risks, internal controls & test plan development
Knowledge of infrastructure and IT processes and controls (e.g., change management, backup and recovery, user access/security administration) is required
Public accounting experience preferred
External certification preferred: CISA, CISM, or CISSP
Skilled in identifying risks & controls and developing audit tests of controls
Excellent and clear verbal and written communication skills
Strong analytical, interpersonal and leadership skills with orientation toward process improvement
Excellent problem-solving skills
Proficiency in Microsoft Suite (Excel, PowerPoint and Word)