Role Overview: Perform IT General Controls (ITGC) assessments with a primary focus on access management and Segregation of Duties (SoD) analysis across key business applications and infrastructure.
Experience: Minimum 3 years of hands-on IT audit, IT risk, or IT controls assessment experience, including leading or significantly contributing to ITGC reviews.
SoD Expertise: Proven experience designing, executing, and remediating Segregation of Duties controls, including SoD rulesets, conflict analysis, and access remediation in ERP and/or other critical business systems.
Technical Controls Knowledge: Strong understanding of ITGC domains (access security, change management, computer operations, IT governance) and familiarity with common platforms (e.g., SAP, Oracle, Microsoft, cloud environments).
Standards & Frameworks: Working knowledge of relevant frameworks/standards such as COBIT, ISO 27001, NIST, and internal control over financial reporting (e.g., SOX).
Certifications (Required/Preferred): CISA (strongly preferred/required), plus one or more of the following: CIA, CRISC, CISSP, CISM, or relevant cloud/security certifications (e.g., AZ-500, AWS Security Specialty).
Analytical & Reporting Skills: Ability to interpret complex access and SoD data, identify control gaps, quantify risk impact, and produce clear, concise reports with actionable remediation recommendations.
Stakeholder Management: Experience working with IT, business process owners, and external/internal auditors; strong communication skills to explain findings to technical and non-technical stakeholders.
Tooling & Automation: Experience with GRC tools and/or SoD analysis tools (e.g., SAP GRC, Oracle GRC, SailPoint, or similar) and proficiency in Excel/SQL/other data analysis tools.
Methodology & Documentation: Demonstrated ability to develop test plans, document controls and test results, maintain workpapers, and support walkthroughs and testing in line with audit and compliance methodologies.
