IT SOX Senior Associate

Location: Lisbon, Hybrid
As the IT SOX Senior you will support the IT SOX Manager in executing all aspects of Cloudflare's IT and Cyber SOX program. This includes supporting and contributing to scoping & process risk assessments, controls rationalization & optimization, execution of test of design and test of operating effectiveness, and coordination of remediation. Additionally, you will liaise with the external auditors to manage testing activities for IT SOX.
What you will do
Day-to-Day

• Contribute to the overarching SOX plan by assisting the IT SOX Manager in leading the IT SOX risk assessment, scoping, and controls rationalization & optimization process (including updating controls language and flowcharts as necessary).
• Serve as a business partner to key stakeholders, advising on process, internal control, system implementation, risk, and compliance activities.
• Work closely with the SOX Manager and external auditors to stay informed on progress of the SOX audit
• Coordinate the testing of IPE (information provided by the entity), SOC reports, ITGCs, and automated controls within the Cloudflare SOX environment
• Work with control owners on planning and execution of tests of design, implementation, and operating effectiveness.

Weekly/Monthly

• Provide effective and timely reporting on SOX ITGC testing status and roadblocks, and create/drive plans to remove roadblocks.
• Develop test approach for new controls that come into scope and improve upon test approaches for existing controls.
• Align with IT and business control owners on upcoming changes that will impact the control environment.
• Communicate findings early and often to IT leadership

As Needed

• Work closely with management to assess remediation procedures where control gaps/failures occur.
• Advise on SOX considerations for new system implementations.

Examples of desirable skills, knowledge, and experience

• 5-7 years of experience in IT SOX Compliance, External or Internal Audit
• Considerable knowledge and a proven track record in applying internal controls and accounting principles and practices, specifically as it relates to SOX risk assessment, process documentation and flowcharting, control design assessment, test plan design, testing of operational effectiveness, and documenting of deficiencies
• Familiarity testing IT SOX controls for SaaS financial applications, databases, Netsuite ERP, and internally developed systems.
• Ability to develop test approaches for new controls or to improve upon existing approaches.
• Effective communicator with the ability to build relationships across departments
• SaaS experience preferred but not required
• Report building/querying knowledge preferred
• One of CISA/CIA/CPA preferred