
Potentiam Ltd

IT SOX Controls Analyst


Job Description

Job Title: IT SOX Controls Analyst

Location: UK

1. Role Purpose:

The IT SOX Controls Analyst plays a critical role in safeguarding the integrity of financial reporting by ensuring that IT systems and processes comply with Sarbanes-Oxley (SOX) requirements. This position is responsible for evaluating, testing, and monitoring IT General Controls (ITGCs) and application controls across key financial systems to mitigate risks related to data accuracy, security, and system reliability.

The analyst will collaborate closely with IT operations, application owners, Finance and HR functions, internal audit, and external auditors to maintain a robust control environment. This includes identifying potential control gaps, recommending remediation strategies, and supporting process improvements to strengthen compliance and operational efficiency.

In addition to hands-on testing and documentation, the IT SOX Controls Analyst will act as a subject matter expert for IT compliance, providing guidance on control design during system implementations, upgrades, and process changes. The role requires strong analytical skills, attention to detail, and the ability to communicate effectively across technical and non-technical stakeholders.

Ultimately, this position ensures that IT controls are not only compliant with regulatory standards but also aligned with industry best practices, enabling the organization to meet its financial reporting obligations confidently and efficiently.

2. Main Responsibilities:

1. SOX Control Testing

  • Execute design and operating effectiveness testing for IT General Controls (ITGCs) such as:
    • Access Management (user provisioning, de-provisioning, privileged access reviews).
    • Change Management (system changes, patches, and upgrades).
    • IT Operations (backup, job scheduling, incident management).
  • Document test results and maintain evidence in compliance with SOX standards.
  • Identify control deficiencies and work with IT teams to develop remediation plans.
  • Recommend enhancements to IT control processes for efficiency and effectiveness.
  • Assist in automation initiatives to streamline compliance activities.
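The operating-effectiveness tests listed above (de-provisioning, privileged access review, change approval) are the kind of ITGC checks that can be automated over exported data rather than sampled by hand. The script below is an added example, not code from the job posting or from Potentiam Ltd. All records are constructed, and the field names (`termination_date`, `disabled_on`, `approver` and so on), the five-day de-provisioning SLA and the set of privileged roles are assumptions standing in for whatever the HR leaver report, application user export and ITSM change log actually carry. Each test returns the exceptions that would go into the evidence log; an empty list means the control operated effectively for the period.

```python
"""Automated ITGC operating-effectiveness tests over constructed sample data.
Added example, not from the job posting. Field names, SLA and privileged roles
are assumptions about what real HR, application and ITSM exports would contain."""
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Finding:
    control: str   # ITGC under test
    item: str      # user ID or change ID the exception relates to
    reason: str    # why it fails the control, phrased for the evidence log

# Assumed control parameters (policy values, not from the posting).
PERIOD_END = date(2024, 6, 30)          # end of the test period
DEPROVISION_SLA_DAYS = 5                # access must be removed within 5 days of leaving
PRIV_ROLES = {"GL_ADMIN", "SYSADMIN"}   # roles treated as privileged

# Constructed inputs: HR leaver report, application user export, release log, ITSM tickets.
HR_LEAVERS = [
    {"user": "asmith", "termination_date": date(2024, 5, 10)},
    {"user": "bjones", "termination_date": date(2024, 6, 1)},
    {"user": "cwang",  "termination_date": date(2024, 6, 28)},
]
APP_USERS = [
    {"user": "asmith",    "status": "active",   "role": "AP_CLERK", "disabled_on": None},
    {"user": "bjones",    "status": "disabled", "role": "GL_ADMIN", "disabled_on": date(2024, 6, 3)},
    {"user": "cwang",     "status": "active",   "role": "GL_ADMIN", "disabled_on": None},
    {"user": "dlee",      "status": "active",   "role": "GL_ADMIN", "disabled_on": None},
    {"user": "svc_batch", "status": "active",   "role": "SYSADMIN", "disabled_on": None},
]
PRIV_REVIEW_CONFIRMED = {"dlee"}   # users the manager signed off in the quarterly review
PROD_DEPLOYMENTS = [
    {"change_id": "CHG-1001", "deployed": date(2024, 6, 12), "ticket": "CHG-1001"},
    {"change_id": "CHG-1002", "deployed": date(2024, 6, 20), "ticket": None},
    {"change_id": "CHG-1003", "deployed": date(2024, 6, 25), "ticket": "CHG-1003"},
]
CHANGE_TICKETS = {
    "CHG-1001": {"requester": "dev1", "approver": "mgr1", "approved_on": date(2024, 6, 10)},
    "CHG-1003": {"requester": "dev2", "approver": "dev2", "approved_on": date(2024, 6, 26)},
}

def test_deprovisioning(leavers=HR_LEAVERS, app_users=APP_USERS,
                        sla_days=DEPROVISION_SLA_DAYS, as_of=PERIOD_END):
    """Each leaver's account must be disabled within the SLA. A leaver whose
    SLA window is still open at period end is not yet an exception."""
    accounts = {u["user"]: u for u in app_users}
    findings = []
    for lv in leavers:
        acct = accounts.get(lv["user"])
        if acct is None:
            continue   # leaver never had access to this system
        deadline = lv["termination_date"] + timedelta(days=sla_days)
        if acct["status"] == "active" and as_of > deadline:
            findings.append(Finding("de-provisioning", lv["user"],
                                    f"still active at {as_of}; SLA deadline was {deadline}"))
        elif acct["disabled_on"] is not None and acct["disabled_on"] > deadline:
            findings.append(Finding("de-provisioning", lv["user"],
                                    f"disabled on {acct['disabled_on']}, after SLA deadline {deadline}"))
    return findings

def test_privileged_access_review(app_users=APP_USERS, confirmed=PRIV_REVIEW_CONFIRMED,
                                  priv_roles=PRIV_ROLES):
    """Every active privileged account must appear in the signed-off review."""
    return [Finding("privileged access review", u["user"],
                    f"active {u['role']} not confirmed in the period's review")
            for u in app_users
            if u["status"] == "active" and u["role"] in priv_roles and u["user"] not in confirmed]

def test_change_approval(deployments=PROD_DEPLOYMENTS, tickets=CHANGE_TICKETS):
    """Every production deployment must trace to a ticket approved before
    deployment by someone other than the requester (segregation of duties)."""
    findings = []
    for dep in deployments:
        ticket = tickets.get(dep["ticket"])   # dep["ticket"] may be None: no ticket at all
        if ticket is None:
            findings.append(Finding("change approval", dep["change_id"],
                                    "deployed with no approved change ticket"))
            continue
        if ticket["approved_on"] > dep["deployed"]:
            findings.append(Finding("change approval", dep["change_id"],
                                    f"approved {ticket['approved_on']}, after deployment {dep['deployed']}"))
        if ticket["approver"] == ticket["requester"]:
            findings.append(Finding("change approval", dep["change_id"],
                                    f"self-approved by {ticket['approver']}"))
    return findings

def run_all():
    """Run every test; an empty list means the control operated effectively."""
    return {"de-provisioning": test_deprovisioning(),
            "privileged access review": test_privileged_access_review(),
            "change approval": test_change_approval()}

def evidence_log(results):
    """Flatten results into the rows an evidence log or deficiency tracker would hold."""
    return [f"{f.control} | {f.item} | {f.reason}" for fs in results.values() for f in fs]

if __name__ == "__main__":
    for row in evidence_log(run_all()):
        print(row)
```

On the constructed data the de-provisioning test flags only `asmith` (active seven weeks after leaving); `cwang` left two days before period end and is still inside the SLA window, which is exactly the edge a tester has to handle consistently rather than report as a deficiency. The privileged access review flags `cwang` and the `svc_batch` service account, and the change test produces three exceptions: one deployment with no ticket, and one ticket that was both self-approved and approved the day after it went live.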

2. Documentation & Reporting

  • Maintain accurate and up-to-date SOX compliance documentation for IT controls.
  • Prepare test scripts, evidence logs, and control narratives.
  • Generate periodic reports on control status, deficiencies, and remediation progress for management.

3. Audit Coordination

  • Act as the primary liaison for internal and external auditors during SOX audits.
  • Respond to audit requests promptly and provide supporting documentation.
  • Facilitate walkthroughs and explain IT processes and control designs.

4. Risk Assessment & Control Design

  • Assist in annual risk assessments to identify key IT systems and processes impacting financial reporting.
  • Review new system implementations or major changes to ensure SOX compliance.
  • Advise IT teams on control requirements during project planning phases.

5. Issue Management & Remediation

  • Track and monitor control deficiencies and remediation efforts.
  • Collaborate with IT and business teams to ensure timely resolution.
  • Validate remediation actions and perform re-testing as needed.

6. Continuous Improvement

  • Identify opportunities to streamline SOX processes and reduce manual effort.
  • Support automation initiatives for control testing and evidence collection.
  • Stay updated on regulatory changes and best practices in IT compliance.

7. Stakeholder Communication

  • Communicate compliance requirements and deadlines to IT teams.
  • Provide training or guidance on SOX-related responsibilities.
  • Escalate risks or delays to management proactively.

3. Role Specification:

Skills and Experience

Essential

  • Strong problem-solving and risk assessment capabilities.
  • Ability to translate regulatory requirements into practical IT controls.
  • Comfortable working in fast-paced environments with evolving compliance needs.
  • Hands-on experience with:
    • IT General Controls (ITGCs): Access Management, Change Management, IT Operations.
    • Application Controls: automated controls within ERP or financial systems.
  • Familiarity with SOX 404 compliance and financial reporting processes.
  • Exposure to ERP systems (SAP, Oracle, Dynamics) and GRC tools (e.g., ServiceNow, RSA Archer).
  • Able to communicate at all levels and articulate technical complexities to non-technical stakeholders.
  • Analytical thinking: ability to identify control gaps and propose remediation.
  • Communication skills: clear reporting to technical and non-technical stakeholders.
  • Collaboration: working effectively with IT teams, finance, HR and auditors.
  • Attention to detail to ensure accuracy in testing and documentation.
  • Experience of dealing with internal and external audit and regulatory bodies, building key relationships during SOX audits.
  • Proven ability to influence and motivate through communication.
  • An organised person with excellent time management skills.

Desirable

  • Familiarity with cloud environments (AWS, Azure) and related SOX implications.
  • Understanding of cybersecurity controls and their impact on financial reporting.
  • Experience with automation or data analytics for control testing.
  • Experience of ISO 27001 and Cyber Essentials Plus (CE+).

Required Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Accounting, Finance, or a related field.
  • 2-5 years of experience in IT audit, IT compliance, or SOX testing.
  • Familiarity with ITGCs, application controls, and financial systems.
  • Strong understanding of SOX requirements and IT control frameworks (e.g., COBIT).
  • Proficiency in documentation and testing methodologies.

Desirable Qualifications

  • CISA (Certified Information Systems Auditor).
  • CISSP (Certified Information Systems Security Professional).
  • CPA or CIA (Certified Internal Auditor) for combined IT/financial expertise.

4. General:

  1. We have clear Company Values which we believe are appropriate to everyone, irrespective of role and status within the Company.
  2. We have defined standards of performance to meet external and internal customer requirements. All staff are expected as part of their day to day job role to meet and where possible exceed customer expectations of service and seek value for money in all aspects of their work.
  3. To promote and implement our Equal Opportunities, Customer Service and Performance Policies in all areas of work, both internally and externally.
  4. Duties may involve having access to information of a confidential nature that may be covered by the Data Protection Act, be commercially sensitive or relate to customer information. In such circumstances confidentiality must be maintained at all times in accordance with the company's policies. If you are unclear at any time, refer the matter to your manager. All employees have a statutory duty of care for their own personal safety and that of others who may be affected by their acts or omissions. Employees are required to co-operate with

Job ID: 136131679