Description:
The IT Risk & Controls Analyst assists with the quality assurance of all IT General Controls through assessment, walkthroughs, and audits. This role will reside within the Myriad’s Accounting/Finance organization and act as a second line of defense (2LoD) function. The cross-functional role will work closely with Myriad’s Accounting/Finance and Technology Organizations to ensure controls are properly designed, operational, and in-line with established policies, procedures, and methodologies. In addition, they will be responsible for control execution, helping identify risks and gaps, and facilitating remediation efforts to address observations and findings raised through internal and external audits. This role will also act as a primary point of contact between IT teams and internal/external auditors during the annual SOX engagement.
Responsibility
- Provide quality assurance of all IT General Controls and Application Controls through assessment, walkthroughs, and audits to ensure operational effectiveness of those controls.
- Monitor the control environment and ensure that controls are operational and in-line with established policies and procedures, and controls methodology.
- Identify risks and gaps and facilitate remediation to address observations raised in internal and external audits.
- Perform or facilitate control execution on behalf of IT Management.
- Assist control owners with root cause analysis and track risk management action plan progress.
- Guide efforts to create common control framework and uniform compliance reporting standard.
- Stay up to date on changes to systems and applications and provide guidance on related controls.
- Conduct periodic compliance audits of IT controls to ensure controls are operating effectively throughout the year.
- Identifying and tracking assessment/audits using performance metrics.
- Provide relevant awareness training to control owners.
Qualifications
- Bachelor’s degree in Business, Accounting, Information Technology, or other quantitative discipline.
- 2-5 years of experience in IT risk and compliance.
- 2+ years of experience in audit/assessments with SOX.
- Experience in working with SOX and internal control design and operations from a Finance and Business Technology perspective.
- Proficient knowledge of third-party related regulatory policies.
- Competency in security frameworks and Unified Controls Framework.
- Strong analytical and time management skills.
- Ability to maintain a high degree of confidentiality.