We are seeking a SOX Manage Access-Risk Technology Lead, you will be a trusted partner to our cross-functional stakeholders, bringing deep process, technology risk, automated controls and IT general controls expertise, to help the company drive a scalable, well-designed control environment. This is a high-impact individual contributor role, you will be a trusted partner to our cross-functional stakeholders, bringing deep process, technology risk, automated controls and IT general controls expertise, to help the company drive a scalable, well-designed control environment. You ll play a key role in the financial and technology risk assessment, readiness, control optimization, and change enablement for ATT s SOX program.
What youll bring
- Lead the identification, assessment, and mitigation of technology risks across the organization.
- Develop and maintain risk frameworks, policies, and procedures aligned with industry best practices.
- Develop and enforce Identity and Access Management (IAM) policies and procedures to ensure compliance with SOX requirements.
- Oversee the control environment for multiple IAM platforms (such as SailPoint, CyberArk, Active Directory, Azure AD), ensuring seamless integration with governance, risk, and compliance (GRC) tools and supporting the organization s overall security and compliance objectives.
- Drive coordination and program management for initiatives impacting SOX scope, including new scope, technology process and control changes and optimization.
- Serve as an end-to-end process and IT control expert advising control and process owners on SOX requirements, risk assessment, control design, and optimization strategies.
- Participate in walkthroughs for high-risk areas and changes to help ensure readiness and control design effectiveness.
- Evaluate process and control changes, evaluate risk, business process transformations, advise on new initiatives for SOX impact, and provide clear, actionable recommendations
- Oversee the documentation of control narratives and perform control testing
- Collaborate with technical and business stakeholders to support the deficiency evaluation process including root cause analysis, impact assessment, management action plan development, remediation monitoring and validation.
- Oversee the development and execution of cybersecurity controls, including access management, vulnerability management, incident response, and data protection.
- Stay current on cyber threats, regulatory requirements, and control frameworks (e.g., NIST, ISO 27001).
- Partner with process owners and control owners to drive awareness and understanding of SOX requirements and protocols, control design requirements, and enterprise control strategy.
- Develop and review new and updated testing procedures to ensure control evidence and scope are sufficient and aligned with risk.
Education Experience:
- 12-14+ years of experience in internal audit, SOX compliance, risk advisory, or public accounting.
- Bachelor s or Master s degree in a relevant discipline, such as Computer Science, Computer Engineering, Information Systems or equivalent experience preferred, but not required.
- CISA, CRISC, CISSP, AWS Certified Cloud Practitioner or above, CPA, CIA preferred. Deep knowledge of IAM principles and standards (e.g., NIST SP 800-53, ISO 27001, CIS Controls), with practical experience assessing and implementing IAM controls across a technology environment.
- Strong understanding of technology risk, financial reporting risk, internal controls (automated and ITGC), and PCAOB requirements.
- Hands-on experience with SOX readiness, automation, or transformation initiatives is required.
- Working knowledge of information technology best practices and control frameworks.
- Excellent interpersonal skills. Demonstrated ability to influence cross-functionally and at all levels of management and effectively navigate the social dynamics of teams, groups, and organizations.
- Proven leadership and process management skills, including the ability to think and lead multiple complex projects simultaneously.
- High attention to detail and quality, balanced with the ability to see the big picture and identify areas for process simplification.
- Excellent written and verbal communications, presentation, and influencing skills., Superior ability to clearly articulate a point of view and adjust communication style and content to suit audience needs.
- Ability to simplify complex concepts into clear and action-oriented communications and work through ambiguity, with confidence in making tough calls and leading through adversity with a sharp focus on driving the right outcomes.
- Ability to proactively look ahead, anticipate questions, independently assess risk, think critically and creatively to achieve the best outcome, and elevate issues to the right level internally and externally to resolve.
Skills Required
- Ability to lead, plan, execute and evaluate project activities to ensure completion of initiatives
- Skill in mentoring, and performance management
- Skill in using analytical software tools, data analysis methods and reporting techniques
- Skill in using computer applications including MS Office and industry standards
- Ability to communicate effectively in both oral and written form
- Ability to work collaboratively and build relationships across teams and functions
- Ability to work successfully as a member of a team and drive team execution
- Ability to exercise sound judgement in making decisions
- Ability to analyze, organize and prioritize work while meeting multiple deadlines
- Proficiency in analyzing data, identifying trends and preparing reports.
- Familiarity with cloud platforms (AWS, Azure, GCP) and their IAM solutions.
- Deep understanding of IAM tools, IT Security Audits, and Cloud Engineering.
- Experience in reviewing PAM solutions designing controls around them.
- Extensive experience with technologies such as SailPoint and CyberArk, documenting processes flows and designing SOX controls framework.
- Product experience with SailPoint, CyberArk and Delinea
- Strong understanding of SOX IT General Controls
