Senior GRC Analyst - SOX

Procore Technologies - Austin, TX
44d - Onsite

About The Position

We’re looking for a SOX Compliance Analyst to join Procore’s Governance, Risk & Compliance team. In this role, you’ll contribute to the governance and oversight of IT controls that support our global financial systems. Your primary goal is to ensure the integrity of our financial reporting by maintaining effective and audit-ready ITGC and ITAC environments. As a SOX Compliance Analyst, you’ll partner with Engineering, IT, and Finance teams to define scope, coordinate walkthroughs, and remediate control gaps. Use your technical auditing skills, risk mindset, and project management abilities to safeguard Procore’s compliance posture as we scale. Join us in building a world-class compliance function. Apply today!

This position reports into the Manager, GRC - SOX and will be based in our Austin, TX office. We’re looking for someone to join us immediately.

Requirements

  • Bachelor’s degree in Accounting, Information Systems, or a related field, or equivalent experience.
  • 3-5 years of experience in IT Audit, SOX compliance, or internal controls; CISA, CIA or CISSP preferred.
  • Strong understanding of the COSO 2013 and COBIT frameworks.
  • Experience testing Enterprise-level SaaS systems (e.g., NetSuite, Workday, Salesforce).
  • Exceptional documentation skills and attention to detail.
  • Proven ability to influence stakeholders without direct authority and explain complex compliance requirements to non-technical teams.

Nice To Haves

  • Demonstrated experience auditing payment systems is a plus.

Responsibilities

  • Provide oversight and guidance to management for existing or newly acquired systems coming into SOX scope by validating the design and implementation of IT General Controls to ensure controls are risk-aligned and audit-ready.
  • Participate in the design and implementation assessment of IT Application Controls (ITACs), such as automated three-way matches, configurations, and system-generated reports (IPE), providing guidance to management on reliance criteria and control design to support consistent implementation and efficient auditor reliance.
  • Facilitate external audit requests by acting as a liaison between control owners and the external audit firm.
  • Perform root cause, exposure, and lookback analyses for identified control deficiencies and partner with stakeholders on remediation plans.
  • Monitor the implementation of new systems to identify SOX impact and define new control requirements.
  • Update and maintain the GRC platform to ensure real-time visibility into compliance status.
  • Contribute to the SOX risk assessment and scoping exercise to ensure high-risk areas are prioritized as the business evolves.