Senior IT Analyst - Global Financial Controls
Northern Trust · Chicago, IL · 2 wk ago
HybridInformation Technology$67k–$113k/yrFull-time
About the role
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution with over 130 years of financial experience and over 22,000 partners. We are seeking a Senior IT Controls Analyst to join our Global Financial Controls IT pillar, which covers SOX, SOC 1, and SOC 2 controls across a complex, regulated financial services organization.
Responsibilities
- Support the governance and execution of SOC 1 and SOC 2 reports, including scope definition, control mapping, and reporting timelines.
- Maintain SOC control inventories, risk-control mappings, and supporting documentation.
- Ensure SOC descriptions, assertions, and control language are accurate, consistent, and aligned to actual operating practices.
- Evaluate changes in systems, processes, or products for potential SOX and SOC impact.
- Perform independent testing of IT General Controls (ITGCs), including, Access management (provisioning, deprovisioning, recertifications), Change management (SDLC, migrations, approvals), Computer operations (job monitoring, incident management, backups), etc.
- Execute testing of business process controls and IT application controls (ITACs) within the SOC control framework.
- Assess design and operating effectiveness, including, Sampling, evidence inspection, and re-performance where applicable and Validation of key reports and system-generated data used in control execution.
- Identify control exceptions, articulate root causes, and assess impact to SOC & SOX objectives.
- Act as a key liaison with external auditors (e.g., KPMG) for planning, walkthroughs, and testing activities.
- Cover walkthroughs and testing across stakeholders and control owners.
- Review auditor testing approaches, requests, and results to ensure clear alignment with control intent and accurate population scoping and completeness.
- Challenge and validate auditor observations where needed to ensure defensible conclusions.
- Track SOC-related issues, testing exceptions, and management actions through remediation.
- Evaluate the impact of audit findings, technology risk issues, and control failures on SOC reports.
- Support development of clear, audit-ready management responses.
- Validate remediation effectiveness and closure of control deficiencies.
- Work closely with Technology, Information Security, Operations, and Risk teams to obtain and validate control evidence and clarify control responsibilities and execution expectations.
- Provide training and guidance to control owners on control design, evidence requirements, and audit readiness.
- Prepare clear, concise reporting for senior management and governance forums.
- Identify opportunities to improve control design, testing efficiency, and evidence quality.
- Standardize testing approaches across SOC, SOX, and internal audit frameworks.
- Stay current on SOC standards, AICPA guidance, and leading practices in IT control testing.
Requirements
- 5+ years of experience in SOC/SOX reporting, IT audit, IT risk, or control testing roles.
- Strong knowledge of:
- SOC 1 and SOC 2 frameworks.
- IT General Controls (ITGCs) and IT Application Controls (ITACs).
- Control design and operating effectiveness testing.
- Demonstrated experience performing or overseeing control testing procedures.
- Experience working with external auditors in a SOC or IT audit environment.
- Ability to assess and articulate control deficiencies and SOC impact in a clear, defensible manner.
- Strong written and verbal communication skills.
Preferred Qualifications
- Experience in financial services or another highly regulated industry.
- Prior Big 4 audit or advisory experience (SOC/SOX/ IT audit preferred).
- Familiarity with related frameworks (SOX, COSO, NIST).
- Experience with automated controls, data interfaces, and reconciliation platforms.
- Professional certifications (preferred): CPA, CISA, CISSP.