Job Description

IT Controls Sr Manager (SOX)

Fulltime

Cambridge, MA (Hybrid – 2 days a week)

• Client operates the largest online marketplace for insurance shopping in the United States. They make insurance shopping easy, efficient, and personal, saving consumers and providers time and money. Their goal is to reshape the way consumers shop and improve the way insurance providers attract and connect with customers as insurance shopping continues to shift online.

• The Senior Manager, IT Controls is a hybrid role based in Cambridge, MA that will report to the CIO and will operate and manage a Sarbanes-Oxley (SOX) IT Controls program where revenue transactions and key reporting come from custom developed systems deployed to Amazon Web Services using CI/CD. You’ll work with our security team to ensure our control owners have complete and accurate review populations and validate the propriety of control execution. You’ll direct our IT controls monitoring team and provide input on our internal control monitoring and execution tools. If our business or technologies change, you’ll work with our engineering, IT, finance, HR, and product teams on any necessary changes to our SOX IT Controls.

• CPA (Certified Public Accountant) or CISA (Certified Information Systems Auditor) required; CISSP (Certified Information Systems Security Professional) and/or CISM (Certified Information Security Manager) preferred.
• 8+ years large public company internal and external auditing, with emphasis on IT auditing in large public companies with complex custom developed platforms in public cloud environments and/or large accounting firms with experience auditing a complex IT client base.
• 5+ years’ experience in a position of leadership to include team development and management.
• Expert level IT audit program and practices experience. Big 4 IT Audit experience preferred.
• Expert understanding of the general computer control areas and IT governance frameworks (e.g., Sarbanes-Oxley, COSO framework, COBIT, NIST CSF, ISO 27001).
• Working understanding of US Generally Accepted Accounting Practices.
• Direct experience designing and implementing a system of internal controls, including experience in a large-scale management-led SOX organization as well as supporting a company’s SOX program.
• Proven experience with evaluating security and controls on various hosted and SaaS/cloud-based technologies.
• Strong understanding of SDLC including agile and CI/CD processes.
• Functional knowledge of Git-based source code flows including commits, pull requests, approvals, and merges.
• Ability to negotiate, influence, and partner effectively with multi-functional and remote teams where resources may not be in direct control of this role.
• Demonstrated ability to develop and execute a strategic people plan that ensures that the right people are in the right roles at the right time and that employees are highly engaged and satisfied.
• Strong vendor management and partner relationship skills.
• Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to the security workforce.

• Functional understanding of AWS Well-Architected Framework components including IAM roles and trust principals, CloudTrail, CloudWatch, Elastic Kubernetes Service
• Experience with Okta or other SaaS identity providers
• Atlassian Jira
• Working with an engineering organization using Scaled Agile Framework (SAFe) patterns
• VLOOKUP and other functions in Google Sheets and Microsoft Excel
• Experience building basic automation to perform simple API queries using Python
• Basic SQL knowledge

Job Tags

Similar Jobs