Key skills
AWSCloudERPSQLTableauAnalyticsBIPower BIIAMCloudWatchGitHubSalesforceWorkdayLeadershipCloud Security
About this role
Role Overview
- Own the annual SOX compliance plan, including enterprise scoping, risk assessment, and management of the master testing calendar
- Lead AWS scoping activities, including identification of in-scope accounts, services, integrations, and data flows impacting financial reporting
- Evaluate and document AWS controls in alignment with the shared responsibility model and SOX requirements
- Lead walkthroughs with process owners and technology teams to develop and maintain narratives, flowcharts, and risk control matrices
- Execute and review testing of manual, automated, ITGC, and cloud-native controls, ensuring workpapers meet PCAOB standards
- Assess design and operating effectiveness of AWS controls such as IAM, logging, monitoring, and configuration management
- Partner with Cloud Engineering and Security teams to define and implement compliant control structures for AWS environments
- Evaluate control deficiencies, perform root cause analysis, determine severity, and drive remediation efforts through closure
- Develop and maintain dashboards and reporting to communicate SOX status, testing progress, and remediation trends to leadership and the Audit Committee
- Administer the GRC platform, including workflows, evidence management, and continuous monitoring capabilities with AWS integrations
- Coordinate with external auditors, align on testing strategies, and manage requests to ensure efficient audit execution
- Advise control owners on control design, segregation of duties, and automation opportunities, including use of cloud-native capabilities
- Maintain alignment of SOX controls with COSO, COBIT, and relevant cloud security frameworks
- Lead SOX impact assessments for AWS implementations, cloud migrations, system changes, and M&A activities
- Promote automation and continuous monitoring through integration with AWS services and analytics tools
- Mentor junior team members and review deliverables to ensure consistency, quality, and scalability of the SOX program
Requirements
- Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field
- 7+ years of SOX, internal audit, or Big 4 experience with strong exposure to ITGCs, automated controls, and cloud environments
- Demonstrated experience leading SOX scoping and control evaluations in AWS or cloud-first organizations
- AWS Certified Security – Specialty (SCS-C02) required
- CPA, CIA, CISA, or similar certification strongly preferred
- Deep knowledge of COSO framework, PCAOB standards, and ITGCs across on-prem and cloud environments
- Hands-on experience with AWS services such as IAM, CloudTrail, Config, Security Hub, GuardDuty, and CloudWatch
- Strong understanding of AWS shared responsibility model and cloud control design
- Experience with cloud frameworks such as NIST, CIS AWS Foundations Benchmark, and COBIT
- Familiarity with ERP and business platforms such as Workday, Salesforce, Zuora, and GitHub, including integrations with AWS
- Proficiency with GRC tools such as Workiva or OneTrust and analytics tools such as Power BI, Tableau, or SQL
Tech Stack
- AWS
- Cloud
- ERP
- SQL
- Tableau
Benefits
- Great benefits and perks like larger tech companies
- Independence to make a larger impact on the company
- Ownership of work