The SOX Analyst is responsible for executing walkthroughs and control testing, maintaining documentation, and assisting with the evaluation of control deficiencies for key business processes and controls. The role works closely with Finance, Operations, IT, and External Auditors to help ensure controls are designed and operating effectively in accordance with SOX requirements and the company’s internal control framework.

Here's What You'll Do:

• Perform walkthroughs with process and control owners to understand end‑to‑end business processes, systems, and key business and IT general controls (ITGC) supporting financial reporting.
• Prepare and update process documentation, including narratives, flowcharts, and risk and control matrices (RCMs) for in‑scope entities, accounts, and processes.
• Execute design and operating effectiveness testing of key controls (manual, automated, and IT‑dependent), following a defined SOX testing methodology.
• Obtain and analyze populations (e.g., listings of transactions, user access, changes) and select samples for testing in line with sampling guidance.
• Develop and document test procedures, evidence, and results in clear, well‑structured workpapers that support conclusions and review by senior staff and auditors.
• Identify control exceptions, assist in assessing their root cause, potential impact, and help draft issue descriptions, and preliminary recommendations.
• Assist in the performance of risk analysis, no-harm analysis, and compensating controls identification as a result of control gaps.  
• For remediation items, obtain and review remediation evidence, and conduct follow‑up testing to confirm issues are closed.
• Assist in monitoring status of testing against the SOX schedule to ensure deadlines are met.

 

What You Bring to the Table:

• Bachelor’s degree in accounting, finance, business, information systems, or a related field.
• 3+ years of experience in audit, SOX/ICFR testing, or a related control or compliance role.
• Good understanding of SOX 404 requirements and internal control concepts (e.g., Information provided by entity (IPE) requirements, key vs non‑key controls, deficiency evaluation).
• Familiarity with financial statement processes (e.g., revenue, payables, payroll, close and reporting) and/or ITGC domains (access security, change management, IT operations, backup/recovery, logical security, and interfaces).
• Progress toward a professional designation (CPA, CA, CIA, CISA, or similar) is considered an advantage.
• Strong attention to detail, documentation quality, and adherence to methodology and deadlines.
• Solid analytical and problem‑solving skills, including ability to interpret control evidence and draw supportable conclusions.
• Clear written and verbal communication skills for documenting workpapers and interacting with process owners and auditors.
• Ability to work both independently and as part of a team, managing multiple tasks in a time‑sensitive environment.
• Proficiency with Excel and common productivity tools; familiarity with ERP systems and GRC/controls platforms is an asset.