Compass Pointe Consulting LLC, a Maryland-based, Woman Owned Small Business specializing in IT and Finance & Accounting Solutions and Services, is looking for a SOX IT Governance Manager to work 100% REMOTE. Due to the nature of the work, the candidate MUST be a US CITIZEN and perform the work within the USA.
The position provides an opportunity to be part of the team working with cutting-edge technology that supports some of our nation's fundamental defense services. The candidate will work closely with esteemed clients to develop solutions that allow them to carry out high-stakes national security missions. The selected candidate will work within the IT Governance team, which collaborates with members of IT and the business to continuously improve the security and compliance posture of the organization. This team also engages in various projects that assess risk and make decisions on appropriate risk management strategies.
The SOX IT Governance Manager will be critical to the continued evolution of our IT department. Their primary responsibility will be to oversee IT audit efforts, with a focus on SOX, including defining control objectives, overseeing testing activities, and monitoring compliance efforts. The candidate will serve as a lead for defining new controls, including when relevant applications undergo significant updates or move to the cloud. The IT Governance Manager will review test findings, facilitate the remediation of identified control gaps, and evaluate and escalate issues to senior management when necessary. The candidate will also serve as a critical representative for IT Governance across all functions of the organization, covering control subject areas including policies and procedures, application security, identity and access management, adaptive governance, and data protection.
- Lead coordination with internal and external audit to support testing, walkthroughs and process reviews for audit and compliance initiatives
- Manage remediation activities of any findings/issues, including identification of root cause and the design of strategic efforts to continuously improve our IT compliance posture
- Lead continuous monitoring activities as they relate to SOX 404 and identity / access capabilities
- Function as an SME in identity and access compliance, partnering with IT Cyber Security (ITCS) on critical zero trust and identity initiatives.
- Facilitate control audit work performed by internal and external auditors
- Monitor for changes to regulatory requirements or standards over internal control and recommend modifications to the internal control structure as necessary
- Serve as a champion for risk and compliance, educating colleagues and providing clear, accurate guidance
- Function as a leader in the identification of improvements in the Governance and compliance programs
- Candidates must demonstrate passion for innovation, risk management, and a mature understanding of Information Technology.
- A solid understanding and experience in SOX regulations (SOX 404), Public Company Accounting Oversight Board (PCAOB) standards and their application to IT controls and governance
- Experience evaluating the design and effectiveness of IT controls, preferably with a Fortune 100 company or Big 4 accounting firm
- Experience designing automated mechanisms including Robotic Process Automation (RPA) to confirm the operating effectiveness of IT controls over time
- A strong understanding of the IT general control (ITGC) areas and the IT governance framework (COBIT)
- Possess an advanced understanding of risk and compliance in the cloud, particularly with Software as a Service (SaaS) offerings
- Demonstrated ability to take initiative and ownership with focus on continuous improvement.
- The ability to clearly communicate risk in a concise manner that helps drive change; build consensus amongst senior leaders and executives
- A desire to self-educate on the latest IT trends and emerging technologies
- Significant expertise in IT SOX control, design, testing, reporting, etc., preferably with one of the 'Big 4' or equivalent Fortune 100 company
- Proven experience in effectively communicating and collaborating with business stakeholders, executives and technical staff
- Experience with Azure and/or AWS capabilities and services highly desirable
- One of the following professional certifications preferred: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM)