Job Title: IT GRC SOX Specialist – Regulatory Framework
Location: London | Cambridge
Employment Type: One-year fixed-term contract
Job Overview
The IT GRC SOX Specialist will support the IT GRC team in embedding effective IT governance, risk, and compliance across the organisation. The initial primary focus will be on the design and operating effectiveness of SOX IT General Controls (ITGC) and IT Application Controls (ITAC), and on scaling an enterprise‑ready IT control framework. The role partners closely with IT, Security, Finance, Internal Audit, and External Audit to ensure controls are well designed, consistently operated, appropriately evidenced, and continuously improved.
Key Responsibilities
* Lead implementation and ongoing operation of the IT control framework aligned to SOX and other regulatory requirements.
* Own IT scoping for SOX in partnership with Finance and Internal Audit.
* Maintain inventory of IT risks, controls, owners, testing frequency, evidence requirements, and framework mappings.
* Ensure timely collection of high‑quality evidence demonstrating effective control operation.
* Serve as primary point of contact for Internal Audit, External Audit, and other GRC teams.
* Define and maintain IT GRC scope within the Four Lines of Defence.
* Prepare audit submissions, management responses, and materials for senior leadership.
* Operate the IT risk radar and report risks and trends.
* Develop, maintain, publish, and deliver training on IT policies and procedures.
* Measure compliance with IT policies and coordinate remediation activities.
* Drive continuous improvement initiatives and automation of control evidence collection.
* Track process improvement and remediation action plans to completion.
SOX / Regulatory Control Areas (Initial Focus)
* IT General Controls – access management, privileged access, change management, IT operations.
* IT Application Controls – automated and configuration‑dependent controls for financial reporting (Oracle, Salesforce).
* Key Reports / IPE (Information Produced by the Entity) – standards for report completeness, access controls, and change management over report logic.
* Deficiency Management – root cause analysis, remediation, compensating controls, and re‑testing planning.
Essential Requirements
* Minimum 5 years’ experience in IT audit, IT risk, IT compliance, SOX IT controls, or a combined GRC/assurance role.
* Hands‑on experience designing, operating, and managing SOX ITGC and, where applicable, ITAC.
* Strong understanding of how IT risks and control failures impact financial reporting.
* Experience producing reviewer‑ready documentation for audits (risk and control matrices, narratives, process flows, test evidence).
* Experience managing internal and external audit interactions, including evidence coordination.
* Ability to document, explain, and coach others on business process and evidencing expectations.
* Knowledge of COSO, COBIT, ISO 27001, NIST and ability to rationalise overlaps.
* Strong understanding of access governance, segregation of duties, privileged access, change management, IT operations controls.
* Highly effective written and verbal communication skills; ability to influence stakeholders across IT, Finance, and Audit.
* Proficient in Microsoft Office (Outlook, Excel, PowerPoint, Teams, SharePoint).
Desired Skills
* ISACA certification such as CISA, CISM, or CGEIT.
* Experience with risk and GRC tooling, particularly Riskonnect; exposure to ServiceNow GRC, Archer, or AuditBoard.
* Experience estimating remediation costs and distinguishing project costs from OPEX.
* Familiarity with enterprise systems such as Oracle and Salesforce, including access, configuration, audit logging, reporting, integrations.
* Experience supporting broader regulatory initiatives beyond SOX.
* People leadership or coaching experience.
UK Benefits
* Flexible benefits fund.
* Emergency leave days, adoption leave.
* 28 days annual leave (+ bank holidays).
* Pension, life cover, private medical insurance, parental leave, education assistance program.
Compliance & Legal Requirements
AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before employment. Background checks will be conducted in accordance with local laws.
AVEVA is an Equal Opportunity Employer. We provide reasonable accommodation to applicants with disabilities where appropriate.