Team is looking for a Senior SOX Tester
Minimum Education Required:
• BA/BS in Computer Science, Business, or equivalent experience;
• Minimum of 5 years of general IT experience, including 5 years of IT security or IT risk management experience
• Utility Industry Experience
• Big 4 experience Minimum Required License / Certification: At least one existing certification from the following list, which must be a currently maintained and valid certification:
• Certified Information Systems Auditor (CISA);
• Certified in Risk and Information System Control (CRISC);
• Certified Internal Auditor (CIA);
• Certified Information Systems Security Professional (CISSP).
Knowledge, Skills, and Abilities
• Strong oral and written communication skills
• Strong analytical skills
• Solid understanding of network and systems security, system and network configuration, and application security
• Solid understanding of general computing controls (GCCs)
• Able to identify complex control gaps.
• Solid understanding of generally applicable and accepted auditing standards and framework (e.g. COBIT) and best practices for IT services management (e.g., ITIL), government guidelines and laws (e.g. Sarbanes Oxley Act)
• Perform multi-platform (application, database, operating system, middleware, monitoring tools, and business processes) level audits based on predefined test objectives and test plans.
Perform retest of controls that have been remediated or updated as a result of previously identified deficiencies. Obtain, review, and interpret evidence provided to validate controls are performed effectively.
• Develop test plan based on defined control objectives.
• Document recommendations for test plan modifications that would improve processes, strengthen control points and/or testing procedures.
• Obtain, review, and interpret organizational IT policies, standards and procedures to identify control points that would assist in mitigating risk to the business.
• Work with system owners to complete process documentation and identify control objective that are based on risk mitigation.
• Work with system owners to determine root cause of any identified control gaps / deficiencies and to establish corrective action plans that will result in repeatable, sustainable resolution to control gaps / deficiencies.
• Evaluate existing processes and control points for potential process improvement and increased maturity.
• Perform walk thru of multi-platform level controls that have been remediated or updated as a result of previously identified deficiencies.
• Perform quality assurance reviews on completed / documented test results
• Produce testing status reports based on pre-established criteria.
• Perform other tasks as necessary to ensure IT Audit and Compliance meets its commitments to customers.
• Support the IT Compliance Sr. Manager as needed with IT Compliance metrics development.
For Immediate Placement - Andrew Raynor Dover New Hampshire