IT Control​/SOX Analyst

On behalf of a growing insurance business, I am seeking an experienced IT Control / SOX Analyst on an initial 6‑month contract basis. You will play a key role in assessing, testing, gathering attestation information, monitoring process and ensuring that our IT controls meet the requirements for SOX compliance. You will collaborate closely with cross‑functional teams to provide advisory services, identify gaps, recommend improvements, and help implement solutions that mitigate risks and improve overall control effectiveness.

We are pleased to offer this role on a hybrid basis with an expectation of 3 days per week in our City of London office.

• Perform detailed assessment and evaluation of IT controls for SOX compliance, focusing on areas such as access controls, change management, system development, and data integrity.
• Provide feedback to control owners around internal controls, assessments, remediation, and documentation.
• Collaborate with stakeholders to gather evidence required for audits of IT internal controls and key operational process and ensure SOX compliance requirements are met.
• Identify potential risks and assist in developing strategies for mitigating those risks.
• Maintain and update the IT scoping and risk assessments, including maintaining the internal IT controls, procedures, and documentation.
• Assist in the development of testing plans, procedures, and scripts to assess the design and operational effectiveness of IT controls.
• Provide guidance on remediation efforts for identified deficiencies and assist with implementing corrective actions.
• Improve IT Controls and Process documentation (i.e., work with process owners to refine risk control matrix, improve process flows, refine / develop test procedures, propose control language and associated risks etc.).
• Maintain up‑to‑date knowledge of regulatory requirements and best practices in IT controls and SOX compliance.
• Assist with the quarterly IT Controls certification process with business process owners, aligning with reporting timelines.

• At least 3 years of experience in SOX IT auditing, compliance or a similar role, with hands‑on experience in testing IT systems, applications, and security controls.
• Strong understanding of SOX compliance requirements and IT general controls (ITGCs) and IT Automated Controls (ITACs), including design, implementation, and testing requirements within a SOX framework.
• Excellent knowledge of a wide range of technology (infrastructure, applications, networking, cyber security, IT governance).
• Familiarity with IT control frameworks such as COBIT, NIST or ISO 27001.
• Excellent analytical, problem‑solving, verbal and written communication skills with the ability to interact effectively with all levels of management.
• Ability to work independently, in a fast‑paced environment manage multiple tasks, and meet deadlines.
• Bachelor's degree in Information Technology, Computer Science, Accounting or a related field, with a preference for certifications such as CISA, CISSP or CRISC.