Lead Analyst, SOX Compliance – AWS

This is a fully remote position, open to applicants in India.

📋 Description

• Take charge of the yearly SOX compliance strategy, which includes enterprise scoping, risk assessment, and overseeing the master testing calendar.

• Spearhead AWS scoping initiatives that involve identifying in-scope accounts, services, integrations, and data flows that affect financial reporting.

• Assess and document AWS controls to ensure they align with the shared responsibility model and SOX standards.

• Facilitate walkthroughs with process owners and technology teams to create and update narratives, flowcharts, and risk control matrices.

• Carry out and review testing of manual, automated, ITGC, and cloud-native controls, ensuring that workpapers adhere to PCAOB standards.

• Evaluate the design and operational effectiveness of AWS controls such as IAM, logging, monitoring, and configuration management.

• Collaborate with Cloud Engineering and Security teams to define and establish compliant control frameworks for AWS environments.

• Analyze control deficiencies, conduct root cause analysis, assess severity, and lead remediation efforts to completion.

• Create and maintain dashboards and reports to convey SOX status, testing progress, and remediation trends to leadership and the Audit Committee.

• Manage the GRC platform, including workflows, evidence management, and ongoing monitoring capabilities with AWS integrations.

• Work with external auditors to align on testing approaches and manage requests to ensure smooth audit execution.

• Provide guidance to control owners on control design, segregation of duties, and automation possibilities, including the use of cloud-native features.

• Ensure SOX controls are aligned with COSO, COBIT, and applicable cloud security frameworks.

• Lead SOX impact assessments for AWS implementations, cloud migrations, system changes, and M&A activities.

• Advocate for automation and continuous monitoring by integrating with AWS services and analytics tools.

• Mentor junior team members and review deliverables to guarantee consistency, quality, and scalability of the SOX program.

⛳️ Requirements

• Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related discipline.

• Over 7 years of experience in SOX, internal audit, or Big 4 settings, with substantial exposure to ITGCs, automated controls, and cloud environments.

• Proven experience in leading SOX scoping and control evaluations within AWS or cloud-first organizations.

• AWS Certified Security – Specialty (SCS-C02) is required.

• CPA, CIA, CISA, or equivalent certification is highly preferred.

• Extensive knowledge of the COSO framework, PCAOB standards, and ITGCs across both on-prem and cloud environments.

• Practical experience with AWS services such as IAM, CloudTrail, Config, Security Hub, GuardDuty, and CloudWatch.

• Strong comprehension of the AWS shared responsibility model and cloud control design.

• Familiarity with cloud frameworks like NIST, CIS AWS Foundations Benchmark, and COBIT.

• Knowledge of ERP and business platforms such as Workday, Salesforce, Zuora, and GitHub, including their integrations with AWS.

• Proficient in GRC tools like Workiva or OneTrust and analytics platforms such as Power BI, Tableau, or SQL.

🏝️ Benefits

• Competitive benefits and perks similar to those offered by larger tech companies.

• The freedom to make a significant impact on the organization.

• Full ownership of your work.