The Business Analyst, IT Application Controls Specialist guides, assists and supports the developing Sarbanes-Oxley IT, Application Controls and General Computer Controls Compliance function within the GTS Compliance & Security team. This position is accountable for the planning, development, and execution of the IT Control framework in strategic areas of the business. Financial application controls experience, functional financial knowledge, narrative/process flow documentation, industry standard audit and testing documentation, Oracle/SAP ERP knowledge and understanding of IT risk-based SOX controls are contributors to the success of this position. This role supports and assists the appropriate GTS TSP (Technical Solutions Provider), SOX Program Office, and departmental Finance leads in the development of key SOX 404 ITGC and Application controls in support of emerging key financial controls. This individual will be responsible for liaising closely with key GTS & Finance leadership staff, SOX control owners and stakeholders, and external Auditor entities. The following are responsibilities related to the Business Analyst IT Application Controls Specialist.
Responsibilities
- Understands and documents key financial processes, including opportunity tracking, order taking, delivery and entitlements, revenue recognition, and billing/payment.
- Develops an in-depth understanding of business process and key application controls for specific solutions by walkthrough, questionnaires, and in-depth reviews.
- Develops and implements core ITGC controls from the SNOW GRC tool framework with accountable control owners identified and defined entities, control objectives and key controls.
- Gains alignment with the SOX PMO and Finance teams regarding the strategic direction for the SOX 404 program in specific areas of the business
-
- Includes: compliance monitoring and process improvement of workflow and activities to ensure compliance with internal policies/standards and applicable laws and regulations
- Assist in executing and prioritizing IT application control observations and SOX control deficiencies in a manner conducive to SOX 404 attestation program.
- Reporting – Write succinct program status and action reports with well-defined issues, root causes, and corrective action plan for overall SOX 404 program development.
- Assist with development of annual internal audit, corporate compliance, risk assessment and SOX plan. Including identification of audit scope, conducting related risk assessment, walkthroughs, updating risk and control matrix, control testing, reporting and re-assess financially significant applications.
- Work with business management to identify sensitive and critical data, understand organizational compliance needs, and develop procedures to accommodate those needs.
- Review risk assessments on an enterprise-wide basis and implement IT risk mitigation programs to achieve required risk tolerance levels.
Skills
- B.A./B.S. or equivalent in Computer Science, MIS, Finance, or related discipline. Experience with Service Now and Smartsheets.
- Minimum of 3 years of related Business Analysis experience in IT compliance, internal controls, and/or internal/public audit.
- Expertise in Sarbanes-Oxley Section 404 as it pertains to computerized digital subscription and provisioning systems.
- Knowledge and experience in Governance, Risk, and Control (GRC) frameworks, approaches, tools, methodologies and frameworks (i.e., COBIT, COSO, RISK IT, ISO 27K, NIST800 series, etc.)
- Experience in RBAC (Role-based Access Control). Experience in Software Development Lifecycles (SDLC), Change and Configuration Management.