Lead and monitor ITGC testing (access, change management, computer operations, backup/recovery, interfaces).
Execute walkthroughs, control design assessments, and test-of-one/ongoing effectiveness procedures.
Validate completeness and accuracy (C&A) for key reports and data flows; assess IPE.
Advise on control design and documentation (risk/control matrices, narratives, process maps).
Track deficiencies; partner on root cause analysis and target-state remediation plans.
Independently verify remediation effectiveness and maintain evidence quality.
Coordinate with external auditors and co-sourced providers; align on scope, reliance, and timelines.
Communicate findings and status to management; escalate risks proactively.
Maintain ITGC program artifacts (RACM, population and sample evidence, issue logs).
Contribute to controls automation, segregation of duties (SoD) governance, and periodic access recertifications.
Support IT policy/standard refreshes and control rationalization.
Perform end-to-end assessment: scoping, risk & control assessments, test plans, fieldwork, and reporting.
Assess IT processes including identity & access management, change/release management, backup/recovery, incident/problem management, vulnerability management, patching, disaster recovery/business continuity, interfaces/integrations, and data quality.
Perform cybersecurity-themed reviews (e.g., endpoint security, logging/monitoring, vulnerability & patch management, configuration baselines).
Provide practical recommendations that balance risk with operational realities.
Monitor remediation progress; validate closure and sustainment of fixes.
Support integrated audits with operational/financial teams; contribute to annual risk assessment and audit plan.
Draft clear reports with prioritized findings, risk ratings, and management action plans.
Present results to stakeholders; communicate clearly to technical and non-technical audiences.
Maintain audit methodology and working papers to internal standards; support QA reviews.

Requirements

4+ years of progressively responsible IT General Controls experience via IT audit/assurance, SOX 404 testing, or IT risk & controls (Big 4 or industry).
Hands-on experience testing ITGCs and automated application controls; working with internal and external auditors.
Strong understanding of access management, change management, computer operations, IPE/C&A, and segregation of duties.
Excellent communication skills—you can explain control requirements to engineers and translate technical speak for auditors.
Demonstrated ability to juggle competing priorities in a fast-moving environment.
Strong analytical, organizational, and project management capabilities.
Self-starter who is driven to build structure where needed.

Benefits

Certifications: CISA, CISSP, CIA, CPA, CRISC (one or more strongly preferred).
Familiarity with NIST, AICPA / SOC 1 & 2, COBIT, COSO, ITIL, PCI, or ISO 27001.
Technical Exposure to cloud controls (Azure/AWS/GCP), DevOps (CI/CD) controls, and data governance.
Automation/Scripting/Policy-as-code: Familiarity with automation tools or scripting languages (e.g., Python, Bash) for control testing and workflow optimization is a plus

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

IT General ControlsSOX 404 testingIT auditautomated application controlsaccess managementchange managementcomputer operationsrisk/control assessmentscybersecurityvulnerability management

Soft Skills

communication skillsanalytical skillsorganizational skillsproject managementself-starterability to juggle prioritiesclear reportingstakeholder presentationrisk assessmentproblem-solving