Position: Leading Retail Company - Sr. IT Auditor (Tester/Analyst) - San Francisco/Bay Area
Location: San Francisco/Bay Area

GENERAL SUMMARY:
The Senior Analyst, SOX Compliance will perform test of information technology (IT) general computer controls.  The candidate will identify appropriate risk factors and will assess the adequacy of existing controls and their related design and effectiveness given those risks.  The candidate must possess strong knowledge of SOX 404, AS5, and the SEC Interpretative Guidance.  The candidate must have prior SOX 404 IT experience in a Big 4 firm environment, have strong leadership skills, be detail oriented  and have excellent written and verbal communication skills.

ESSENTIAL DUTIES & RESPONSIBILITIES:
1. Responsible for SOX 404 information technology (IT) internal controls testing which includes Change Management, Logical Security, and IT Operations.
a. Executing and documenting test plans and test results with control owners, including details regarding exceptions, overall conclusions, and control effectiveness.
b. Communicating test results to control owners and key stakeholders.
c. Documenting and tracking remediation activities associated with identified control deficiencies.
d. Supporting the conclusion of operating effectiveness of controls and assessing overall process stability.
e. Identifying and communicating process improvement opportunities/remediation.
f. Tracking the progress and monitoring the remediation plan and actions.
2. Test and coordinate Application/Automated Controls, Segregation of Duties and SAS 70s.
a. Support the planning of system and application level internal control tests, including the creation of original test plans.
3. Maintaining a current understanding of prevailing SOX IT audit tools, techniques, methodologies, and regulatory requirements. .
4. Interfacing regularly with various levels of the IT organization as well as the internal and external auditors to ensure timely test execution and issue resolution.
a. Assisting in the collection, management, and dissemination of control testing evidence and audit support requests.
5. Providing training regarding IT controls and associated testing to control owners and other interested business partners (BPs).

ORGANIZATION RELATIONSHIPS:
The candidate will have regular contact with internal BPs (including IT, CSSC, Brands, and Corporate functions), generally at the Senior Analyst, Manager and Director levels.  He/she will also have regular contact with external auditors, and occasional contact with Internal Audit.

REQUIRED QUALIFICATIONS:
1) Knowledge, skills & abilities:
- Detailed knowledge of SOX 404, AS5 and the SEC Interpretative Guidance required.
- Broad understanding of COSO, COBIT, GAIT or other frameworks required.
- Working knowledge of SAS70, segregation of duties, and spreadsheet and report controls required.
- Advanced PC skills, including Excel, Access, and the ability to create macros, SQL scripts, etc.
- Experience with Oracle, UNIX, RACF, Active Directory, LDAP, Windows NT, ACL, and other audit and retail applications.
- Strong analytical, organizational and project management skills, and demonstrated ability in making decisions and exercising good judgment.
- Ability to influence people and process.
- Strong interpersonal skills with proven ability to develop and maintain effective business partner relationships.
- Ability to address highly complex technical issues.
- Effective oral and written communication skills, with demonstrated presentation experience.
- Ability to effectively deal with competing priorities and meet aggressive guidelines.

2) Minimum educational level:
- BS degree in Finance, Accounting, or Information Systems required.
- CISA is preferred.
- MBA, CPA, CIA is a plus.

3) Experience:
- 4+ years of experience related to SOX IT compliance work (i.e., IT general computer controls and application controls).
- Previous information technology audit experience in a Big 4 firm required.
- Previous experience in retail industry is a plus.

4) Physical Requirements:
- Some travel may be required.