SOX Tech Risk and IAM Lead
AT&T · Atlanta, GA · Today
On-siteOTHR$141k–$212k/yrFull-time
Key Roles and Responsibilities
- Lead the identification, assessment, and mitigation of technology risks across the organization.
- Develop and maintain risk frameworks, policies, and procedures aligned with industry best practices.
- Develop and enforce Identity and Access Management (IAM) policies and procedures to ensure compliance with SOX requirements.
- Oversee the control environment for multiple IAM platforms (such as SailPoint, CyberArk, Active Directory, Azure AD), ensuring seamless integration with governance, risk, and compliance (GRC) tools and supporting the organization’s overall security and compliance objectives.
- Drive coordination and program management for initiatives impacting SOX scope, including new scope, technology process and control changes and optimization.
- Serve as an end-to-end process and IT control expert advising control and process owners on SOX requirements, risk assessment, control design, and optimization strategies.
- Participate in walkthroughs for high-risk areas and changes to help ensure readiness and control design effectiveness.
- Evaluate process and control changes, evaluate risk, business process transformations, advise on new initiatives for SOX impact, and provide clear, actionable recommendations.
- Oversee the documentation of control narratives and perform control testing.
- Collaborate with technical and business stakeholders to support the deficiency evaluation process including root cause analysis, impact assessment, management action plan development, remediation monitoring and validation.
- Oversee the development and execution of cybersecurity controls, including access management, vulnerability management, incident response, and data protection.
- Partner with process owners and control owners to drive awareness and understanding of SOX requirements and protocols, control design requirements, and enterprise control strategy.
- Develop and review new and updated testing procedures to ensure control evidence and scope are sufficient and aligned with risk.
- Stay current on cyber threats, regulatory requirements, and control frameworks (e.g., NIST, ISO 27001).
Qualifications
- 5+ years of experience in Internal Audit, SOX Compliance, Risk Advisory, and/or Public Accounting.
- Bachelor's or Master's degree in Computer Science, Computer Engineering, Information Systems, or related field (preferred).
- Professional certifications preferred: CISA, CRISC, CISSP, CPA, CIA, AWS Certified Cloud Practitioner (or higher).
- Strong knowledge of SOX IT General Controls (ITGCs), technology risk, financial reporting risk, PCAOB requirements, and internal controls.
- Experience leading SOX readiness, automation, and transformation initiatives.
- Deep understanding of Identity and Access Management (IAM) principles, standards, and frameworks including NIST 800-53, ISO 27001, and CIS Controls.
- Hands-on experience assessing and implementing IAM controls across complex technology environments.
- Extensive experience with SailPoint, CyberArk, and Delinea, including Privileged Access Management (PAM), process documentation, and SOX control design.
- Experience with IT Security Audits, Cloud Engineering, and IAM governance.
- Familiarity with applying Artificial Intelligence (AI) or Machine Learning (ML) techniques in cybersecurity contexts (e.g., anomaly detection, threat hunting, behavioral analytics, or risk scoring).
Pay
$141,300.00 - $211,900.00 USD Annual.