SOX IT Auditor

Role Summary

The SOX IT Auditor (Applications) will play a critical role in ensuring compliance with Sarbanes-Oxley (SOX) requirements by evaluating the effectiveness of internal controls over financial reporting, specifically within IT applications. This individual will work closely with cross-functional teams, including finance, IT, and external auditors, to assess risk, test controls, and identify areas for improvement in IT application systems.

Responsibilities & Tasks

Key Responsibilities:
Perform SOX audits focusing on IT applications and general computer controls, particularly in areas like access control, change management, and data integrity.
Test the design and operating effectiveness of IT controls within key financial systems (e.g., ERP, databases, financial reporting applications).
Ensure IT processes and controls comply with SOX requirements, industry regulations, and best practices.
Identify and assess risks related to financial application processes and technology environments.
Work with control owners to identify gaps, propose remediation efforts, and track resolution.
Document audit findings and recommendations, presenting them to management and key stakeholders.
Assist in the coordination and execution of external audit requirements, ensuring a smooth audit process.
Provide input on the development and improvement of IT governance frameworks and SOX compliance programs.
Support the company’s efforts to maintain compliance with evolving regulatory requirements (e.g., cybersecurity frameworks, data privacy laws).
Continuously monitor and assess technology trends and risks that might impact SOX compliance.

Experience, Skills and Qualifications Required

Qualifications:
Bachelor’s degree in Information Technology, Computer Science, Accounting, or a related field.
3-5 years of experience in IT auditing, specifically in SOX compliance or a related field (Big 4 firm experience is a plus).
Knowledge of IT General Controls (ITGCs) and Application Controls as they relate to SOX.
Strong understanding of ERP systems (e.g., SAP, Oracle), financial applications, and associated risk areas.
Experience with audit tools such as ACL, IDEA, or GRC software (Governance, Risk, and Compliance).
Certifications such as CISA (Certified Information Systems Auditor), CISSP, or CPA preferred.
Strong analytical, problem-solving, and communication skills.
Ability to work independently and with cross-functional teams.
Understanding of key regulations and standards (e.g., COSO framework, COBIT, NIST).