The SOX / ITGC Execution Analyst (NCS/Job/ 2222)

JD :: The SOX / ITGC Execution Analyst is responsible for performing and supporting IT General Controls (ITGC) testing as part of SOX compliance. The role ensures that IT systems, processes, and access controls align with regulatory requirements and internal policies to maintain integrity, confidentiality, and availability of financial data.

Key Responsibilities
•  Execute SOX ITGC testing across key domains such as: 
o  Access Controls (user provisioning, termination, privilege review)
o  Change Management (development, testing, and deployment controls)
o  Computer Operations (backups, job monitoring, incident management)
o  Program Development Controls (SDLC adherence)
•  Collect and review evidence for IT controls and validate completeness and accuracy.
•  Maintain detailed testing documentation in line with audit standards.
•  Identify and report control gaps, exceptions, or non-compliance with SOX/ITGC requirements.
•  Work closely with IT application owners, system administrators, and internal audit teams to remediate findings.
•  Support walkthroughs and discussions with auditors to explain IT processes and controls.
•  Assist in process improvement initiatives to strengthen control environments.
•  Ensure compliance with corporate policies, procedures, and regulatory standards.

Required Skills and Experience
Technical Skills
•  Strong understanding of IT General Controls related to: 
o  Access management, change management, backup & recovery, and operations.
•  Familiarity with IT environments such as: 
o  Active Directory, AWS/Azure, Linux/Windows servers, databases (Oracle, SQL Server), and ERP systems (SAP/Oracle Financials).
•  Basic knowledge of information security principles.
•  Hands-on experience in evidence collection and testing controls.
•  Exposure to GRC or audit tools (e.g., Archer, ServiceNow GRC, MetricStream).
Compliance & Audit Skills
•  Understanding of SOX 404 compliance and ITGC framework.
•  Experience in internal or external IT audit testing (preferably Big 4 or similar environment).
•  Ability to identify risk areas and suggest remediation actions.
•  Knowledge of ITIL or COBIT frameworks (preferred).