Senior Analyst, Internal Controls & SOX
HUB International · Chicago, IL · 5 days ago
Management$90k–$110k/yrFull-time
About the role
HUB International is a global insurance and employee benefits broker with over $5 billion in revenue and almost 20,000 employees in 600 offices throughout North America. We provide a wide range of products and services, including business insurance, employee benefits, risk services, personal insurance, retirement, and private wealth management. We are seeking a Senior Analyst, IT Internal Controls & SOX to support our IT SOX program.
Responsibilities
- Support the overall IT SOX program including but not limited to controls and key report testing.
- Apply working knowledge of cloud infrastructure (AWS, Azure, GCP) to assess controls related to cloud security, access management, change management, computer ops.
- Support internal initiatives and look for process improvements.
- Proactively identify and evaluate opportunities to apply AI in streamlining controls testing and reporting processes.
- Maintain a comprehensive Risk Control Self-Assessment (RCM) including ITGC, ITAC, as part of the overall SOX program.
- Evaluate IT control processes to identify risks gaps.
- Document, track and report identified issues.
- Provide remediation guidance, track and log the action plans in Workiva.
- Collaborate with external auditors and IT/business stakeholders, providing documentation, context, and support as needed.
- Assist in delivering IT-specific internal control training for different teams / business units.
- Contribute to IT risk assessments and SOX scoping activities, helping prioritize key risk areas across cloud different systems/applications/tools.
- Manage the overall Workiva (GRC) platform and act as a system administrator.
- Proactively communicate observations, risks, and recommendations to management, speaking up when something doesn't look right rather than waiting to be asked.
Qualifications & Experience
- Bachelor's degree in Information Systems, Accounting, Finance, or a related field.
- 2–4 years of experience in IT internal controls, IT auditing, or a similar role in a public company or accounting firm.
- Big 4 and consulting experience is plus.
- Solid understanding of SOX regulations and the COSO framework, paired with broader knowledge of IT general controls, business processes, and how technology supports the organization.
- Practical knowledge of ITGC domains such as Change Management, Access Management, Computer Ops, SLDC, etc.
- Experience with IT Application Controls, Key Reports (plus).
- Working knowledge of cloud platforms — AWS, Azure, and/or GCP — including familiarity with cloud security and access controls.
- Strong analytical and problem-solving skills with the ability to connect technical findings to business impact.
- Excellent communication and interpersonal skills; comfortable engaging with stakeholders at all levels and confident enough to voice concerns, ask hard questions, and offer independent perspective.
- A collaborative, proactive mindset — someone who contributes ideas rather than simply following process.
- Certifications such as CISA, CISM, CRISC, CC (Certified in Cybersecurity), CISSP, or cloud certifications (AWS Certified, Google Cloud Certified) preferred; actively pursuing one or more is a plus.