Senior Lead Analyst - SOX IT Governance

Location:
4900 Tiedeman Road, Brooklyn Ohio

Job Profile Summary

The Senior Lead Analyst - SOX IT Governance serves as a key subject matter expert within the Financial Risk Governance team, supporting the execution, monitoring, and continuous improvement of the Bank's Sarbanes-Oxley (SOX) IT controls program. This role contributes advanced analytical and technical expertise to SOX IT governance activities, leads and performs complex Test of Design evaluations for IT General Controls (ITGCs) and application controls, and helps enhance the quality and consistency of SOX IT processes.

The Sr. Lead Analyst collaborates with IT, business, risk, and audit stakeholders to ensure adherence to ICFR, COSO, PCAOB, and applicable IT control frameworks, while supporting leadership in strengthening the Bank's IT control environment and governance practices.

Job Description

1. SOX IT Program Governance Support

Support execution of SOX IT governance processes, including program documentation, governance materials, and program reporting for IT General Controls and application controls. Assist in coordinating cross-functional discussions with IT and business stakeholders, compiling program updates, and preparing materials for senior leaders and governance committees. Contribute subject matter insights to strengthen SOX IT methodology, documentation standards, and oversight routines.

2. Test of Design (TOD) Execution & Expertise

Lead and perform complex Test of Design evaluations for SOX IT controls across infrastructure, applications, and key supporting systems. Review IT control narratives, walkthroughs, and documentation to ensure accuracy, clarity, and alignment with SOX IT program standards. Provide guidance to IT control owners and testers on improving control design, documentation practices, and technology risk mitigation approaches.

3. Risk Assessment & Scoping Support

Perform detailed analysis to support the annual and periodic SOX IT risk assessment and scoping process. Evaluate significant IT systems, applications, interfaces, and supporting processes using quantitative and qualitative criteria. Identify emerging technology risks and recommend updates to SOX IT scope based on changes in platforms, data flows, system implementations, or regulatory expectations.

4. Testing & Issue Management Coordination

Monitor SOX IT control testing progress and review testing results for completeness and consistency with program methodology. Partner with IT testing teams, internal stakeholders, and control owners to support accurate evaluation of IT control deficiencies. Support the remediation lifecycle by validating corrective actions and ensuring alignment with SOX, ICFR, and IT control framework expectations.

5. Reporting, Metrics & Analytics

Prepare dashboards, metrics, and SOX IT program status reports using GRC tools and data analytics. Summarize trends, recurring issues, and insights related to IT controls to support leadership decision-making. Assist in preparing materials for governance committees, external auditors, and internal stakeholders.

6. Continuous Improvement & Automation

Identify opportunities to streamline SOX IT processes, enhance documentation quality, and support automation or analytics initiatives related to IT controls. Contribute to tool enhancements, process redesign activities, and pilot initiatives focused on improving SOX IT program efficiency and effectiveness.

7. Training & Communication Support

Assist in developing SOX IT training content for IT control owners, testers, and other stakeholders. Support delivery of training and awareness activities to promote understanding of SOX IT requirements, program updates, and control documentation expectations. Develop clear communications that enable consistent execution of SOX IT controls across technology and business areas.

Required Qualifications

• Bachelor's degree in Information Systems, Accounting, Finance, or related discipline.
• Minimum 5 years of experience in SOX, IT audit, IT risk management, internal controls, or a related risk/control discipline.
• Strong knowledge of SOX, ICFR, COSO, PCAOB, and IT control frameworks (e.g., COBIT, NIST).
• Demonstrated experience performing or reviewing IT control design assessments, including ITGCs and application controls.
• Strong analytical, communication, and collaboration skills.
• Experience with GRC tools, automation, or data analytics preferred.
• CISA, CPA, or CIA preferred.

Competencies / Skills

Accountability & Ownership

Takes responsibility for high-quality execution of IT-focused assignments, delivering accurate and timely work while proactively identifying control gaps and recommending solutions.

Governance Support & Influence

Demonstrates strong understanding of SOX IT governance and effectively influences cross-functional partners to drive consistency, quality, and alignment across technology processes.

IT Control Design Expertise

Exhibits deep understanding of IT control design principles, technology risk mitigation, and documentation…