**Position Summary**:
The IT Audit & Compliance Manager is responsible for coordinating and supporting all IT audit compliance activities, including—but not limited to—Sarbanes-Oxley (SOX) requirements. As the central liaison between the IT organization and internal/external auditors, this position ensures that IT controls are designed, documented, and operated in alignment with established audit standards and regulatory obligations.
This role also involves proactive identification of potential risks and implementation of cybersecurity best practices to protect both financial and non-financial systems.
This position ensures that the IT organization maintains ownership of its controls in alignment with, Audit standards and requirements. By actively ensuring and safeguarding the efficiency and security of both financial and non-financial IT systems, the IT Audit & Compliance Manager supports a robust control environment that meets regulatory expectations and advances organizational goals.
**Key Responsibilities**:Audit Coordination & IT Compliance Liaison**:
- Act as the primary coordination point within IT for SOX and other IT audit activities, collaborating with both internal and external audit teams.
- Facilitate communication of IT-specific control requirements, testing schedules, and documentation needs.
- Ensure IT ownership of controls by providing comprehensive input on design and operation, while aligning with Audit standards and requirements.
**IT Deficiency Coordination & Tracking**:
- Collaborate with auditors to understand IT-related findings and recommended remediation actions stemming from SOX, cybersecurity, or other audits.
- Work closely with IT teams to prioritize and complete remediation efforts, ensuring alignment with audit timelines.
- Partner with Audit, which maintains the central repository of IT-related deficiencies, to help track their status and escalate any risks or delays to relevant leadership.
**Ongoing IT Control Support**:
- Assist in reviewing and refining IT control documentation based on Audit guidance and regulatory requirements.
- Monitor changes in IT systems or processes that could impact control design or audit scope, communicating those changes to Audit.
- Oversee SAP GRC, including monitoring access to sensitive transactions and ensuring compliance with the Firefighter access process, promptly addressing any issues with unauthorized or inappropriate use.
- Promote a culture of compliance by sharing best practices for effective control operation and documentation throughout IT.
**Proactive Risk Identification & Mitigation**:
- Continuously assess the IT environment for emerging risks and vulnerabilities, including those outside the traditional financial scope (e.g., new technologies, evolving cyber threats).
- Develop and recommend preventive measures or process improvements to mitigate identified risks before they materialize into audit issues or security incidents.
- Lead proactive initiatives that reinforce IT control robustness and reduce the likelihood of non-compliance.
**Cybersecurity Assurance**:
- Coordinate and conduct internal assessments to ensure that all systems—beyond just financial ones—are adequately protected in line with prior cyber, SOX, and other audit recommendations.
- Validate that existing IT security measures and controls meet or exceed recommended standards, escalating any gaps or vulnerabilities for remediation.
- Collaborate with IT security teams to align cybersecurity efforts with SOX and other regulatory frameworks, ensuring holistic protection and compliance.
**Policies, Procedures, and Documentation**:
- Collaborate with IT stakeholders to develop, update, and maintain clear, consistent policies and procedures for all IT compliance requirements.
- Ensure documentation standards meet Audit expectations and accurately reflect current operations.
- Support business process owners in understanding how changes to IT systems or processes affect documented controls.
**Training and Awareness**:
- Develop and deliver training programs to help IT staff and business stakeholders understand IT-related audit requirements and their roles in control execution.
- Promote awareness campaigns on IT compliance and cybersecurity best practices.
**Stakeholder Management**:
- Partner with IT leadership, business unit leaders, and functional teams to embed IT-related audit considerations (including SOX) into strategic and operational decisions.
- Ensure that compliance priorities are well understood and adequately resourced across the organization.
**Metrics and Reporting**:
- Define, track, and report on key performance indicators (KPIs) and key risk indicators (KRIs) related to the IT control environment (e.g., number of open deficiencies, audit testing coverage).
- Provide regular updates to management and ITLT on the status of IT controls, remediation efforts, and cybersecurity initiatives.
**Systems and Tools**:
- Collaborate with