Senior IT General Controls (ITGC) Financial Operations (0059-0012)
1. Lead end-to-end IT control assurance by scoping in-scope systems/tools supporting key controls (e.g., Active Directory), performing risk assessment, developing RCMs and control narratives, designing audit test plans for ITGC/ITACs, and executing ITGC testing over access management, authentication, and change approval controls.
2. Perform ITGC walkthroughs with system owners and process stakeholders to confirm workflows, identity risks, and test and evaluate design and operating effectiveness of ITGC to assess design and operating effectiveness across key domains, including access management, change management, IT operations controls, and related security controls.
3. Execute access management control testing, including user provisioning/de-provisioning, authentication and password configuration, privileged access, and periodic user access reviews (UARs), to confirm appropriate access aligned with business needs.
4. Assess change management and operational controls by evaluating change requests, change approvals, testing evidence, and deployment controls, including evidence maintained in workflow/ticketing and SDLC tools, including Active Directory, JIRA, and GitHub.
5. Perform IT operations control testing, including job monitoring, incident management, and operational procedures that support system availability and integrity.
6. Validate system-generated reports / IPE relied upon in control activities by testing completeness and accuracy, including source data, report logic, system parameters/configurations, and supporting evidence.
7. Perform end-to-end risk assessment, risk and control matrices (RCMs) development, as well as IT application control (ITAC) testing for business processes, assess system logic, configurations, and reliability of system-generated outputs used in controls.
8. Evaluate test results and control deficiencies, applying professional judgment to assess evidence sufficiency, classify deficiencies, determine when expanded procedures are required, and document proposed remediation strategies to address identified gaps.
9. Prepare audit-grade workpapers documentation under PCAOB standards, supporting control conclusions and subject to internal quality reviews and regulatory inspection.
10. Review and supervise testing work performed by offshore team members to ensure methodology compliance, consistency, and documentation quality.
11. Review vendor SOC reports and document CUECs and control ownership to support third-party reliance in SOX testing and execute IT General Control (ITGC) and business process control testing for SOX engagements.
12. Perform segregation of duties (SOD) analyses within production and/or financial application environments to identify conflicting access and risks of unauthorized financial activity.
Education and Experience Requirements
The position requires a Bachelor's (or foreign educ. equiv.) Degree in Accounting, Business Administration, Information Systems, or a related field and 2 years of experience in the job offered or related occupation.
Special Skills Requirements
Experience must include: a. Evaluating the design and operating effectiveness of ITGC over enterprise applications and identifying management platforms supporting or impacting financial reporting, including access provisioning and de-provisioning, authentication/password configuration, privileged access, change management, and IT operations controls. b. Performing risk assessment, risk and control matrices (RCMs) development, control narratives preparation, and audit test plans design for IT General Controls (ITGC) and business process controls/ITACs. c. Validating system-generated reports by testing completeness and accuracy, underlying data sources, report logic, and system configuration parameters relied upon in clients’ key processes. d. Leading walkthroughs with system owners and process stakeholders to confirm workflows, identify risks, and refine control testing procedures. e. Performing scoping analysis of tools supporting clients’ key financial and operational controls and directing ITGC testing over in-scope tools, including Active Directory, Jira, and GitHub, to evaluate access management, authentication controls, and change approvals. f. Assessing complementary user entity controls (CUECs) and control ownership between service organizations and user entities. g. Conducting segregation of duties (SOD) analyses within production and/or financial application environments to identify risks of unauthorized financial activity. h. Preparing workpapers under PCAOB standards, supporting conclusions and subject to internal quality reviews and regulatory inspection. i. Supervising offshore staff performing audit testing, reviewing workpapers for compliance with audit methodology, and coordinating testing activities with engagement leadership.
Travel Requirements
Will travel 10% of the time nationally to various cities in the U.S. to meet with clients.
May Telecommute.
Salary
$102,000 per annum. 40 hours per week; M-F.
Please copy and paste your resume in the email body (do not send attachments, we cannot open them) and email it to candidates at placementservicesusa.com with reference #0059-0012 in the subject line.
Thank you.