SOX Auditor – IT Controls Manager

This is a fully remote position, open to applicants in Canada.

📋 Description

• Oversee the implementation of independent assessments of IT General Controls (ITGCs) across crucial control domains: access management, change management, and system operations.

• Assess the design and operational effectiveness of IT controls within in-scope applications and infrastructure, including systems that facilitate blockchain-native operations, digital asset custody, and cryptocurrency trading platforms. Document testing procedures and outcomes to comply with Internal Audit and external auditor quality benchmarks.

• Detect new systems, applications, or process modifications that arise during testing and evaluate their SOX implications in collaboration with the SOX Compliance team.

• Develop and sustain testing programs, templates, and workpapers that establish a repeatable and scalable framework for IT SOX testing.

• Discover opportunities to utilize AI-driven workflows and data analytics to enhance testing coverage and efficiency across IT control domains.

• Independently verify the remediation of outstanding SOX findings, including material weaknesses and significant deficiencies, within ITGC control areas.

• Analyze control deficiencies through root cause examination and evaluate the severity and extent of exceptions to guide deficiency classification.

• Determine whether management’s remediation measures are sufficiently designed and effectively operational before closing findings.

• Monitor remediation progress, escalate any delays or issues, and report status to Internal Audit leadership and the Audit Committee as necessary.

• Collaborate with the SOX Compliance team to ensure alignment on remediation expectations, timelines, and evidence requirements.

• Act as a reliable Internal Audit contact for IT control owners in Engineering, Infrastructure, Security, and IT Operations. Bridge the divide between audit methodology and engineering culture — these teams communicate differently than accountants, and fluency in both is essential.

• Contribute to Internal Audit reporting to the Audit Committee, external auditor, and senior leadership concerning IT SOX testing coverage, findings, and remediation status.

• Partner with the business process SOX tester and co-sourced resources to ensure coordinated testing coverage throughout the entire SOX program.

⛳️ Requirements

• 8+ years of experience in IT audit, internal audit, external audit, or SOX compliance, with extensive exposure to IT general controls testing.

• Background in crypto, fintech, payments, or technology-heavy environments with complex, rapidly changing infrastructure.

• CISA and CPA certifications are mandatory. Candidates possessing one certification and actively pursuing the other will be considered.

• In-depth understanding of ITGC frameworks, SOX compliance requirements, COSO, COBIT, and PCAOB auditing standards as they pertain to IT controls.

• Practical experience in testing ITGCs across access management, change management, and system operations.

• Technical proficiency with enterprise technology environments — while you don’t need to be an engineer, understanding how systems, databases, and deployment pipelines function is necessary to effectively test the controls surrounding them.

• Comprehension of how IT controls support the reliability of financial reporting — you can relate an ITGC failure to its downstream effects on business process controls and the financial statements.

• Experience collaborating with or alongside external auditors (Big 4 preferred) on SOX engagements.

• Familiarity with operating in multi-entity structures or across multiple jurisdictions.

• Proficient communicator who can convey technical IT audit findings to control owners, engineering teams, senior leadership, and external stakeholders.

🏝️ Benefits

• Flexible work arrangements

• Professional development opportunities