Job Title: GRC, SOX Project Lead
Location: Atlanta, GA / New York, NY
Job Type: Full Time
Job Summary
We are seeking an experienced Senior Risk Management Professional with deep expertise in SOX IT Controls, Risk Management, Governance, and Compliance to provide independent oversight of SOX control design, operating effectiveness, audit readiness, and remediation activities. The ideal candidate will have extensive experience in IT General Controls (ITGC), IT Application Controls (ITAC), SOX compliance, deficiency management, and advisory services while working closely with Internal Audit, Risk, Compliance, and Technology teams.
Key Responsibilities
- Define, design, review, and independently assess SOX IT Controls across enterprise applications and infrastructure.
- Evaluate Design Effectiveness (DE) and Operating Effectiveness (OE) of SOX controls to ensure compliance with regulatory requirements.
- Identify control design gaps, ineffective or redundant controls, and recommend sustainable remediation solutions.
- Perform independent oversight of SOX testing, evidence validation, and control execution quality.
- Review control deficiencies, perform root cause analysis, and track remediation through closure.
- Provide advisory support to technology and business teams on SOX control design and implementation.
- Ensure audit readiness by supporting Internal and External Audit activities and responding to audit requests.
- Monitor SOX compliance metrics, KPIs, and reporting to senior leadership.
- Collaborate with cross-functional stakeholders to strengthen governance, risk, and control frameworks.
- Promote control automation and continuous improvement initiatives to enhance operational efficiency.
Required Skills
- 12+ years of experience in IT Risk Management, SOX Compliance, IT Audit, or Internal Controls.
- Strong expertise in SOX IT ITAC, Risk & Control Frameworks, Design Effectiveness (DE), and Operating Effectiveness (OE).
- Experience with control testing, evidence validation, deficiency management, remediation tracking, and audit support.
- Knowledge of governance frameworks such as COBIT, COSO, NIST, and ISO 27001.
- Experience working with ERP platforms (SAP, Oracle, Workday) and cloud environments is preferred.
- Strong analytical, stakeholder management, communication, and documentation skills.
- Professional certifications such as CISA, CRISC, CIA, CPA, CISSP, or CGEIT are highly preferred.
Preferred Qualifications
- Experience in financial services or other highly regulated industries.
- Exposure to GRC platforms such as ServiceNow GRC, Archer, or AuditBoard.
- Experience leading SOX transformation, control optimization, and automation initiatives.