Job Description

Role 3: Senior SOX IT Associate
●    
●    Level: 4
●    Role Description: Administrative and governance-focused role responsible for managing User Access Reviews (UARs) and ensuring IT General Controls (ITGC) compliance. This candidate will serve as the primary engine for executing quarterly audits and UARs, tracking evidence, and acting as the liaison between internal reviewers and external auditors.
●    Responsibilities:
○    Access Governance: Manage critical user role and permission scoping. Conduct quality assurance reviews, manage policy exceptions, perform lookback analysis for inappropriate access, and execute escalation protocols for non-responsive reviewers.
○    Services & Audit Support: Extract user data and review for completeness and accuracy (C&A). Track evidence to ensure strict adherence to audit documentation requirements for quarterly audits. Timely address and resolve auditor questions. Identify areas for manual process automation.
○    Reporting: Develop, maintain, and present dashboards tracking audit completion rates, exception rates, and overall compliance metrics.
●    Qualifications:
○    Experience Requirement: 3+ years of experience in IT Audit, SOX Compliance, or Identity and Access Management (IAM) governance.
○    Compliance & Framework Knowledge: Strong understanding of SOX IT General Controls (ITGC), Segregation of Duties (SoD), and standard User Access Review (UAR) methodologies. Familiarity with industry-standard control and security frameworks (e.g., COBIT, NIST CSF, ISO 27001).
○    Technical & Systems Experience: High proficiency in data extraction, spreadsheet analysis (Excel/Google Sheets), and utilizing ticketing/workflow tools (e.g., Jira, ServiceNow). Hands-on experience auditing or managing access in major enterprise ERP/Financial systems (e.g., NetSuite, SAP, Oracle EPM) and core HR systems (e.g., Workday).
○    Project Management & Execution: Strong organizational skills and meticulous attention to detail. Ability to manage strict audit deadlines, juggle multiple quarterly review cycles simultaneously, and identify anomalies, false positives, or SoD conflicts within large, complex datasets.
○    Communication: Excellent written and verbal English communication skills, with a proven ability to independently follow up with business stakeholders and address auditor inquiries professionally.
●    Preferred Qualifications:
○    Relevant industry certifications (e.g., CISA, CRISC).
○    Experience identifying and implementing automation for repetitive audit or compliance tasks.
○    Basic understanding of IT controls within cloud infrastructure environments (e.g., AWS, GCP) and evaluating logical access controls for cloud-native applications.
○    Experience reviewing SOC 1 and SOC 2 Type II reports from vendors to evaluate and map Complementary User Entity Controls (CUECs).
○    Basic awareness of data privacy regulations (e.g., GDPR, CCPA) and how they intersect with user access and data governance.
●    Required Shift (ET): Shift 2 (3:30 AM to 12:30 PM ET to allow for at least a four-hour overlap with the US).
●    Functional Area: Finance Operations
●    Process: SOX & Governance
●    Location: Bangalore
●    Target Hiring Date: May 1, 2026 (Allows time for shadowing and knowledge transfer prior to quarterly audit kickoff).

͏

͏

Deliver

͏

͏