Risk Management Service Engineer - GRC Tools (2-5 yrs)

Here's a job description for a Risk Management Service Engineer, incorporating the details you provided for responsibilities, and adding appropriate education, experience, and technical skills.

Role : Risk Management Service Engineer

Job Summary :

We are seeking a detail-oriented and proactive Risk Management Service Engineer to join our team.

In this role, you will play a crucial part in assisting with the implementation and maintenance of SOX (Sarbanes-Oxley Act) controls for our internal and third-party applications.

You will support internal and external audits, help identify potential compliance risks, and contribute to ensuring the robustness and effectiveness of our control environment.

This position offers an excellent opportunity to grow your expertise in IT risk and compliance within a dynamic environment.

Key Responsibilities :

- Assist in maintaining SOX controls for 1st-party (1P) and 3rd-party (3P) products.

- Support internal and external audits related to SOX compliance.

- Support engineering teams and Application Managers during SOX walkthroughs.

- Manage evidence requirements initiated by Internal Audit.

- Perform quality and compliance checks of evidence submitted by engineering and Application Management.

- Support engineering and Application Management for remediation of SOX deficiencies.

- Test and evaluate the effectiveness of SOX controls.

- Document control testing procedures and findings.

- Identify and report control deficiencies.

- Prepare reports and documentation for SOX compliance activities.

- Communicate SOX compliance status and findings to management and stakeholders.

- Support onboarding, testing, and maintenance of controls for new systems in SOX scope.

- Collaborate with cross-functional teams to ensure thoroughness and accuracy of controls testing.

Technical Skills :

- Compliance Frameworks : Strong understanding of SOX (Sarbanes-Oxley Act) requirements and compliance.

- IT Controls : Familiarity with IT General Controls (ITGCs) and Application Controls.

- Audit & GRC Tools : Experience with or exposure to GRC (Governance, Risk, and Compliance) platforms or audit management software is a plus.

- Data Analysis : Proficiency in using spreadsheet software (e., Microsoft Excel, Google Sheets) for data analysis, evidence review, and reporting.

- Documentation : Strong skills in technical writing and using documentation tools (e.g, Microsoft Word, PowerPoint, Google Docs/Slides).

- System Knowledge : Basic understanding of enterprise application landscapes (e.g, ERP, CRM, custom applications) and how controls apply to them.

- Cloud Controls (Preferred) : Awareness of control considerations within cloud environments (eg, AWS, Azure, GCP).

- Risk Management : Basic understanding of risk assessment principles and methodologies.

Education & Experience :

- Education : Bachelor's degree in Information Systems, Computer Science, Accounting, Finance, Business Administration, or a related field