Full Job Description
SOX & Internal Controls Compliance IT Manager, CoStar Group - Arlington, VA
Job Description
Role Overview: SOX & Internal Controls Compliance IT Manager
Arlington, VA | In office, Monday-Friday
Responsibilities
• Support Sarbanes-Oxley (“SOX”) compliance, internal controls, and enterprise risk management (“ERM”) assessments.
• Assist with implementing the SOX compliance programs, including, but not limited to the following activities:
• Conducting risk assessments and system scoping
• Conducting walkthroughs and documenting end-to-end technology processes, identifying risks and key controls, using narratives
• Documenting and assessing the design and effectiveness of key IT general controls (“ITGC”) and IT application controls (“ITAC”)
• Executing testing to validate the operating effectiveness of controls
• Evaluating controls deficiencies to determine impact and significance
• Identifying and implementing effective and efficient plans to remediate control deficiencies
• Summarizing and documenting results of work performed including management reporting
• Execute internal controls and IT risk management activities to support our risk management initiatives.
• Ensure robust IT General Controls over:
Logical access management
Role-based security and segregation of duties
Change management
System interfaces and data integrity
Configuration controls
• Oversee periodic user access reviews and segregation of duties analyses.
• Coordinate with IT and Information Security to align financial systems governance with enterprise cybersecurity standards.
• Assesstechnology risks and internal control solutions associated with ERP, SaaS, IT infrastructure and cloud platforms.
• Create and deliver presentations on technical concepts, project work plans, delivery approach, milestones, and results tokeystakeholders.
• Deliver efficient and effective approaches to implement and assess risks relating to information security and change management.
• Implementdata analytics to enhance approaches to internal control assessments.
• Workeffectively across different groups within thecompany(technology, accounting, finance, operations.
Basic Qualifications
• Bachelor's degree required in Information Systems, Accounting, Finance, or related field from an accredited, not-for-profit, in-person college/university.
• A track record of commitment to prior employers.
• 7-8+ years of professional services experience with applicable IT risk management and internal controls experience.
• One or more of the following risk related certifications is preferred: CPA, CIA, CISA, or CISSP.
• Track record of technical expertise with SOX, IT risk management and internal controls assessments.
• Deep knowledge of SOX compliance and PCAOB requirements:
SOX 404 and COSO framework
IT General Controls (ITGCs)
Segregation of duties architecture
ERP and financial systems governance
• Experience implementing and assessing controls over highly automated business processes.
• Knowledge of emerging technology risks, including cloud computing, agiledevelopment, cybersecurity, and privacy.
• Knowledge of best practices for authentication, authorization and change management.
• Ability to manage and prioritize assignments while meeting deadlines and maintaining attention to detail.
• Excellent analytical, problem-solving, and critical thinking skills to assess complex IT risks and identify appropriate control enhancements.
• Exceptional verbal and written communication skills, with the ability to effectively communicate technical concepts to non-technical stakeholders.
• Experience in a publicly traded company ($1B+ revenue)or Big 4 experiencerequired.
Preferred Qualifications
• 7-8+ years of experience in IT auditing, or IT compliance or IT risk management, preferably within a large organization or a public accounting firm.
• Knowledge and application of IT controls and governance frameworks such as SOC 1/2, COBIT, NIST (CSF, 800-53, and 800-171), ITIL, ISO 27001/2, and best practices.
• Experience on ERP applications such as Oracle Cloud.
• Proven experience in executing technology audits, including evaluating IT general controls, application controls, and data integrity.
• Global, multi-entity experience preferred.
What's in it for you?
If you are a driven professional looking for a high-growth, high-reward career, CoStar Group offers the ideal opportunity. Be part of a best-in-class company with strong year-over-year growth that invests in your success. Enjoy a rewarding atmosphere where you can learn, excel, and grow.
When you join CoStar Group, you experience a collaborative and innovative culture working alongside the best and brightest to empower our people and customers to succeed.
We offer you generous compensation and performance-based incentives. CoStar Group also invests in your professional and academic growth with internal training and tuition reimbursement.
Our benefits package includes (but is not limited to):
• Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
• Life, legal, and supplementary insurance
• Virtual and in person mental health counseling services for individuals and family
• Commuter and parking benefits
• 401(K) retirement plan with matching contributions
• Employee stock purchase plan
• Paid time off
• Tuition reimbursement
• On-site fitness center and/or reimbursed fitness center membership costs (location dependent)
• Access to CoStar Group 92s Diversity, Equity, & Inclusion Employee Resource Groups
• Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks
Sponsorship
We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar Group is not able to provide visa sponsorship for this position.
#LI-KC3