The successful candidate will be responsible for designing, testing, reporting on, and maintaining IT General Controls and Application level controls for Andesa Services in support of SOC-1/SOC-2 audits and client service level agreements.
Primary Responsibilities:
- Coordinate SOC-1 and SOC-2 reviews with external auditors.
- Drive the Internal Control Questionnaire (ICQ) process designed to assess the design and operating effectiveness of existing SOC-1/SOC-2 controls.
- Design and execute tests of key IT controls.
- Assign control activities to “owners” and ensure that they carry out these activities.
- Educate control owners as appropriate to ensure understanding of controls assigned.
- Periodically report to management on the state of IT controls including control deficiencies in need of remediation.
- Provide a sound basis for the “Management Assertion” in the SOC-1 and SOC-2 reports.
- Respond to client inquiries on the SOC-1 and SOC-2 reports – e.g. testing exceptions, control remediation, etc.
Essential Skills:
- Ability to speak effectively to clients and employees of the organization.
- Ability to create and maintain detailed documentation of control environment using risk/control matrices and flow diagrams.
- Ability to work independently as well as within a team at a high level.
- Knowledge of IT Auditing, IT General Controls, IT Application level controls.
- Ability to design controls in support of achieving control objectives.
Education, Training and Experience:
- Bachelor's degree in Auditing, Information Systems or equivalent experience.
- At least two (2) years relevant work experience (Auditing, IT Controls, etc.).
- Appropriate professional certification preferred – e.g. CISA.