You will serve as a primary CISO organization liaison for IT audit activities, coordinating between Internal Audit, external auditors, and IT control owners to ensure efficient, timely, and accurate audit execution. You will track open audit requests, evidence submissions, and management responses, ensuring timely resolution and escalation of issues. You will execute risk-based assessments and independent control testing activities from the second line of defense perspective, providing objective assurance on the effectiveness of IT controls.

• Conduct annual and ad hoc IT risk assessments to identify, evaluate, and prioritize risks across the IT environment.
• Perform second-line-of-defense control testing across ITGC domains, including role-based access reviews, segregation of duties (SoD) analysis, change management sampling, and operational control testing.
• Monitor the effectiveness of first-line control self-assessments (CSAs) and provide feedback to strengthen the first line of defense.
• Conduct periodic access recertification reviews and support User Access Reviews (UARs) for in-scope systems.
• Identify trends in control failures and emerging risks, escalating systemic issues to leadership with actionable recommendations.
• Develop and maintain standardized tools, guidance materials, and training programs to build organizational GRC capability and ensure audit preparedness.
• Develop, maintain, and distribute IT audit readiness checklists tailored to control domains, audit cycles, and specific regulatory requirements.
• Design and deliver training programs and awareness sessions for IT control owners, process owners, and first-line staff on ITGC requirements, SOX compliance, and evidence collection best practices.
• Maintain a GRC knowledge base and content for ongoing stakeholder reference.
• Act as a key point of contact between the CISO organization, Internal Audit, and the Risk & Controls function and other technology functions, fostering a collaborative and transparent governance culture.
• Build and maintain trusted relationships with Internal Audit leadership, Risk & Controls management, IT leadership, and business process owners.
• Provide regular status reporting on audit activities, risk posture, and control effectiveness to the CISO and senior IT leadership.

• Bachelor's Degree or Equivalent Years of Relevant Work Experience
• Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

• Typically requires 12+ years of relevant experience
• Minimum of 3+ years of progressive experience in one or more of the following: information technology, information security, IT compliance, or IT audit.
• Demonstrated hands-on experience with IT General Controls (ITGC) design, documentation, and testing within a SOX-regulated environment.
• Experience working within or supporting a second line of defense function, internal audit team, or external audit engagement in an IT capacity.
• Strong understanding of risk assessment methodologies and the ability to evaluate and document IT risk.
• Familiarity with enterprise IT environments, including ERP systems (SAP, Oracle, Workday, Salesforce, IFS Cloud) cloud infrastructure (AWS, Azure, GCP), and identity governance and SOD technology platforms.

Technical Knowledge

• Experience and proficient with Security Operations, Access Management, Platform Security, and Data Security technologies at an engineering or architecture level.
• Solid understanding of IT control frameworks: COSO, COBIT, NIST Cybersecurity Framework (CSF), ISO 27001, and SOX 302/404.
• Working knowledge of cybersecurity principles including access management, identity governance, vulnerability management, and data protection.
• Familiarity with common enterprise application controls, database controls, and infrastructure controls relevant to IT audit.

Audit Experience

• Experience in auditing, compliance, or risk management role with responsibility for risk assessments, ITGC walkthroughs, and control testing.
• Exposure to audits conducted under PCAOB standards (AS 2201) is plus.

Industry Certifications

• CISA, CISM, CISSP, CIA, CPA,

Core Competencies

• IT General Controls (ITGC) expertise
• Security Architecture or Engineering experience
• SOX 404 compliance and testing
• Risk assessment and risk register management
• Access management and identity governance
• Cybersecurity frameworks (NIST, ISO 27001, COBIT)

Professional Competencies

• Cross-functional stakeholder communication
• Executive-level written and verbal reporting
• Project and audit lifecycle management
• Training development and facilitation

• Health Insurance including Medical, Dental and Vision
• 401k
• Paid Time off
• Parental and Caregiver Leave
• Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
• To learn more about our benefits package, please visit at www..

This position is part of a job family. Experience will be the determining factor for position level and compensation.

#LI-Hybrid

#LI-MG4

#LifeAtROK

Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.