We are looking for a highly skilled IT SOX Manager with a robust background in IT SOX compliance, audit, and project management for our esteemed global shipping client. The ideal candidate will possess a deep expertise in control frameworks, data analytics, and process documentation. This role demands exceptional communication skills and the ability to collaborate effectively with diverse stakeholders to ensure comprehensive compliance with SOX requirements.
The ideal candidate should have a minimum of 7 years’ experience in IT SOX compliance, IT audit, or a related field, ideally including 2-3 years with a Big 4 firm. Strong leadership skills are essential for navigating challenging and dynamic objectives.
Responsibilities:
- Leads the creation of a Risk Control Matrix to map controls to identified risks, ensure proper coverage and inventory of controls for each process, establish transparency and completeness of coverage with consideration on the controls frameworks such as COBIT, NIST, ISO 27000 and CIS
- Develops, directs and leads IT SOX compliance efforts, including review and tracking of IT controls design assessments, controls validation testing, and gap remediation according to Internal Audit concepts (Sarbanes-Oxley, COSO, and/or evaluations of systems of internal control) and SEC/PCAOB/SEC guidelines
- Maintains current understanding of IT audit/technology developments and emerging risks, and proactively identify IT risks and process improvement opportunities according to company-wide initiatives and changes
- Performs SOX testwork and advice to partners on policies and procedures, system implementations, regulatory and compliance requirements, application and infrastructure updates, cybersecurity, change management, asset management, business continuity and disaster recovery, and data privacy, etc.
- Collaborates with application owners to facilitate the onboarding process, providing guidance and support through the change management process to ensure proper alignment with SOX requirements, and oversees completion of required SOC 1/2 controls assessments, inventory of End User Computing (EUC) Tools and Models
- Assists with designing and deploying audit procedures and techniques for technical / IT areas such as segregation of duties and critical access, ERP configuration controls and other related areas
- Assists application owners in understanding the associated ITGC and ITAC controls for new applications being onboarded, and coordinate and conduct controls testing to assess the effectiveness and compliance of implemented controls
- Coordinates with Internal and External Auditors to support the SOX audits and reviews
Requirements / Qualifications:
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), or equivalent.
- Minimum of 7+ years of professional working experience required in IT SOX compliance, IT audit, or a similar role ; 2-3 years of Big 4 experience strongly preferred
- Strong analytical and problem-solving skills, with experience in utilising tools like Visio to visually represent application flows and identify controls from applications within the SOX scope, with experience in data analytics (e.g. ACL) and data extraction methods such as using Excel Macros, Python, R language, etc.
- Strong project management skills, with the ability to manage multiple priorities and deliver results within defined timelines
- Demonstrates excellent communication and interpersonal skills to lead and collaborate effectively with cross-functional stakeholders at all levels to create and understand comprehensive process flows, control matrices and effective completion of control documentation to facilitate mapping of upstream and downstream processes
- A diligent and effective manager who leads by example, demonstrates strong personal credibility and integrity, and works effectively as an integral part of the SOX team to achieve challenging and dynamic objectives
We regret that only shortlisted candidates will be notified. Thank you for your understanding.
