GRC SOX Program Lead

Harrisburg, Pennsylvania

Post Date: 07/13/2017 Job ID: 24122 Industry: Other Area(s)

Candidate must have strong foundational knowledge of SOX/PCI/EU Data Privacy and be able to lead an offshore team.

Basic Qualifications
  1. Experience with IT Controls testing / auditing
  2. Manages own time and audit activities
  3. Demonstrates ability to communicate clear and concrete audit requirements to audit members.
  4. Ability to multitask and work on various audits and projects in different phases
  5. Ability to make good judgments based on observations and supporting information
  6. Good interpersonal skills, including oral and written communications, listening, interviewing, fostering open communications, facilitating and influencing
  7. Analytical and inquisitive, dig deep to obtain a solid understanding of business processes and IT controls
  8. Take responsibility for assigned tasks, understanding and achieving expectations
  9. Recognize opportunities and propose solutions to improve business processes
  10. 3 - 5 years experience within audit and/or IT Controls
  11. 3 - 5 years experience within information technology industry
  12. Responsible for coordination of IT Control assurance audits
  13. Interacts with external auditors and internal delivery personnel to ensure timely and accurate delivery of audit evidence / control testing.
  14. Maintains regular contact with external Auditors, internal management, and Service Delivery regarding status, issues and risks
  15. Common activities could include:
    1. Maintain audit scope document
    2. Maintain client application matrices and exemptions
    3. Formal annual review conducted in Q4
    4. Maintain audit Team room and security
    5. Maintain control owner list
    6. Meet with external auditor to review request list and address any issues/concerns
  16. Send out request items to controls owners, providing location to populate evidence and when required
  17. Review audit evidence when received to verify accuracy and completeness
  18. Provide status reports
  19. Internal measures should track timeliness and completeness
  20. Escalate past-due and incomplete
  21. Request evidence, review evidence, follow up communications, including reminders
  22. Weekly meeting with external auditor, IT Controls lead, and audit coordinators to review issues and risks, not detailed activities
  23. Weekly meeting with external auditor, audit leads to review detail status items
  24. Create control objective testing schedule based upon defined control priorities. This schedule is also used as input into the timeline required for audit evidence (populations and samples), including follow up
  25. Monitor, report status and escalate issues or risks within the plan; internal metrics to include: actual vs. planned, accuracy of testing
  26. Provide weekly status report to External auditor and IT Controls lead
  27. Facilitate and update management response for deficiencies
  28. Review draft reports and provide necessary updates
  29. Create CAPAs with R&C team for any and all deficiencies at end of cycle; coordinators will approve remediation plans; SL accountable to provide remediation plan, dates and complete
  30. Track status and completion of remediation plans
  31. Track execution and completion of quarterly reviews

 