Role Summary
The IT Internal Controls Analyst supports and executes IT SOX compliance, audit readiness, and access governance activities across enterprise systems. Reporting to the Senior Manager, IT Controls, this role partners closely with IT, IT Application Security, and Audit teams to support IT General Controls (ITGCs), user access reviews, and audit support activities in a regulated environment. The ideal candidate has hands-on experience supporting SOX audits, interacting with external auditors, and working within ERP and GRC tool environments. This role requires sound judgment, strong documentation skills, and the ability to manage assigned audit and control activities with appropriate guidance and increasing independence over time.
Key Responsibilities
- Support IT SOX and IT General Controls audits, including evidence coordination, auditor inquiry responses, and remediation tracking
- Execute periodic user access reviews, including access validation, Active Directory checks, segregation of duties considerations, and remediation follow-ups
- Support SAP Change Management and SAP GRC activities, including transport reviews, CAB approval validation, Firefighter or sensitive access reviews, and audit evidence preparation
- Support SDLC controls for IT project implementations, including pre-implementation risk and scope assessments and post-implementation audits
- Support third-party and SaaS audit requests, including SOC report coordination, complementary user entity control validation, and control confirmations
- Administer and coordinate access to AuditBoard (Optro) or a similar GRC tool for internal teams and external auditors
- Maintain audit-ready ITGC documentation and evidence artifacts related to access controls, change management, and incident response
- Identify opportunities for control automation and process improvement to improve audit efficiency and consistency
- Contribute to audit status, remediation, and project reporting for IT leadership and audit stakeholders
Required Skills & Qualifications
- Bachelor's degree in information technology, computer science, information systems, or a related field
- 1-3 years of hands-on experience in IT SOX, IT General Controls (ITGCs), or technology risk/compliance
- Strong understanding of user access controls, identity lifecycle management, and segregation of duties
- Experience supporting SDLC controls, including pre- and post-implementation reviews for IT projects
- Hands-on experience working in ERP environments (SAP preferred), including access or change-related controls
- Working knowledge of GRC platforms such as AuditBoard, SAP GRC, or ServiceNow GRC
- Experience interfacing with external auditors and supporting detailed audit requests
- Strong documentation, organizational, and written communication skills
- Ability to work independently and collaborate with U.S. and EU-based stakeholders
Preferred Qualifications
- CISA certification (completed or actively pursuing)
- Experience supporting Big 4 or large public accounting firm audits
- Prior experience in regulated industries such as Life Sciences, Pharmaceuticals, Healthcare, or Financial Services
Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this job. They are not intended to be an exhaustive list of all duties, responsibilities, and qualifications. Management reserves the right to change or modify such duties as required.