SOx ITGC Compliance Specialist - Financial Department

SOx ITGC Compliance Specialist - Financial DepartmentCity: HamiltonRequisition ID: 31771ArcelorMittal Dofasco, Hamilton's largest private sector employer, is a leading steel manufacturing company engaged in advanced manufacturing, working with top automotive, energy, packaging, and construction brands. We are embarking on a plan to transform our steelmaking production methods to significantly reduce greenhouse gas emissions, aiming for net zero by 2050.We are seeking a proactive and detail-oriented SOX ITGC Compliance Specialist to support the execution of our IT General Controls SOX Compliance program. In this dynamic role, you will coordinate key compliance activities including User Access Reviews, ITGC testing, documentation, and remediation tracking.Overall ResponsibilitySupports the operational execution and tactical coordination of the IT General Controls SOX Compliance program.Responsible for assessing, monitoring, and improving the IT General Controls SOX Compliance Program.Supports, localizes and ensures compliance with globally issued IT SOX related requirements, policies, and compliance standards.Work in collaboration with the SOX ITGC Compliance Senior Lead to advise the IT department to continually strengthen control posture.Acts as a liaison between the IT Business Unit, other Business Units, auditors and 3rd parties to ensure compliance with internal control requirements and audit readiness.Primarily responsible for coordinating User Access Reviews (UARs), assisting in control testing, maintaining documentation, and ensuring timely remediation of deficiencies.Key ResponsibilitiesUser Access Review (UAR) CoordinationCoordinate and track periodic UARs across systems within the scope of the IT General Controls SOX Compliance Program.Communicate with reviewers to ensure timely completion and escalated delays.Validate role appropriateness, reporting structures, and employment status.Maintain audit trails and evidence for all UAR activities.Provide guidance on tool usage and role descriptions.ITGC Testing SupportAssist in the execution of Test of Design (TOD) and Test of Operating Effectiveness (TOE) for ITGCs.Collect and organize evidence for walkthroughs and control testing.Support remediation tracking and follow-up on open deficiencies.Compliance CoordinationWith SOX ITGC Senior Compliance Lead, liaise with internal stakeholders (e.g., IT, Finance, Global Assurance) to align on compliance timelines and deliverables.Collaborate with third-party service providers engaged in IT SOX testing activities, ensuring clear communication, adherence to timelines, and quality deliverables.Support the implementation of new or updated controls.Monitor control performance and flag potential issues for escalation.Support regular, ongoing dialogue with IT External Audit team to ensure timely provision of testing materials and coordination to reduce duplication of effort.Work in collaboration with the SOX ITGC Compliance Senior Lead to coordinate key report testing and submission of testing results to external auditors.Identify and guide IT Business Unit in remediating control deficiencies, collaborating on solutions and tracking progress.Reporting & DocumentationAssisting SOX ITGC Senior Compliance Lead to prepare status updates and dashboards for management and audit teams.Ensure documentation is current, complete, and aligned with global AM ITGC standards, including SOX.Assist in QAR (Quality Assurance Review) preparations and responses.Automation, Optimization and Continuous ImprovementIdentify opportunities to automate control testing and monitoring processes using data analytics and automation tools, improving efficiency and scalability.Participate in the review and enhancement of the ITGC framework, ensuring it aligns with business needs and evolving technologies.Inquire and maintain an understanding of system development, key projects and potential changes to technology that could impact program scope. Identify gaps, support project team in designing and controls, and assessing design and operating effectiveness of controls.Research, maintain currency with regulations and industry best practices related to IT controls and SOX compliance.Project ManagementSupport projects related to controls transformation, tracking milestones, coordinating teams, and ensuring timely delivery.Participate in projects aimed at improving overall governance, risk management, and compliance frameworks. This may include business engagement meetings, facilitation or co-facilitation of training and awareness sessions and presentations to stakeholders.Risk Assessment and Program MethodologyReview and provide feedback on IT risk assessments and remediation plans.Accountable for supporting development of local IT SOX related guidance, frameworks, testing requirements and communication expectations with control owners and service providers.Work collaboratively with IT SOX Lead to support the communication and implementation of Global IT SOX Methodology by the local team.Ensure development or maintenance of relevant IT controls documentation (e.g., ITGC Business Application Scoping, IT Control Framework, risk-control matrices, narratives, flowcharts, test plans, etc.).Education & AccreditationBachelor's degree in Information Systems, Computer Science, or a related field.Professional certifications such as Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) are considered an asset.Minimum of 3+ years of experience in IT audit, internal controls, or compliance, with a focus on SOX compliance.Prior Big 4 accounting firm experience is an asset.KnowledgeIntermediate to advanced knowledge of SOX requirements and supporting SOX programs.Intermediate to advanced knowledge of SOX internal controls framework.Intermediate to advanced and practical experience in designing, evaluating, and testing various IT General Controls (ITGCs) across different technology environments, including but not limited to:Access Management (e.g., user provisioning, privileged access, segregation of duties, logical access reviews across applications, databases, and operating systems).Change Management (e.g., development, testing, and promotion to production, emergency changes, system configurations, patch management).System Operations (e.g., job scheduling, data backups and recovery, incident management, monitoring).Program Development (e.g., secure coding practices, system development lifecycle controls).Data Center Operations (where applicable).Network Security Controls (relevant to SOX scope).Database Security Controls.Intermediate to advanced knowledge of IT controls, their application within a SOx environment, risk management frameworks, and industry standards (e.g., COBIT, COSO).Strong understanding of IT processes, systems, and technologies, including critical business applications (e.g., SAP ECC/S4HANA, financial systems), underlying infrastructure (servers, databases, networks), and cloud environments.Ability to identify risks and provide input to SOX ITGC Senior Compliance Lead on recommended cost-effective controls. Experience in industrial manufacturing (e.g., steel) is an asset.Understanding of how IT controls integrate with and support business process controls.Knowledge in Audit Board is an asset.Familiarity with UAR tools and processes, including role-based access models.SkillsStrong coordination skills are required.Excellent communication skills (verbal and written) are required.Strong analytical skills and problem-solving ability.Excellent organizational and time-management skills to manage multiple tasks and deadlines with minimal supervision are required.Demonstrated and proven ability to work effectively in a team environment and maintain positive interpersonal relationships.Strong understanding of IT processes and various technologies used for custom development along with purchased packages where SAP experience is preferred. Ability to translate technical IT concepts into business risks and vice versa.Proficiency in Microsoft 365, data query and audit workflow tools.Work EnvironmentOffice environment with some plant exposure on various projects.Hours of WorkDays, Monday to Friday with extended hours as required to meet internal/external customer requirements.Total Rewards at ArcelorMittal DofascoWe value you, and your contributions to our mutual success. To recognize this, we provide extensive and market-competitive total rewards including salary, variable pay, employer funded retirement savings, group benefits with fully paid premiums, and other programs like recognition points and wellness initiatives.The salary range for this position is $77,000 – $111,000. Starting salary will depend on the successful candidate's qualifications and work experience.On your first day you will immediately be eligible for:Participation in our annual bonus plan based on the achievement of Company goals against target metrics at a rate of 10%Company paid Defined Contribution Pension Plan with employer contributions between 5 and 10%. No employee contribution required.Group Benefits with no health and dental premiums.For health and dental claims, you only pay amounts above the maximums the plan pays.Life insurance premiums are shared with the company.After two years of permanent company service, you will participate in our Profit Sharing, where all permanent employees share equally in the allocation of profits.Other immediate benefits include:PPE and workwear provided at no cost.Wellness and Employee Assistance Programs.Free access to three onsite fitness centers and our 70-acre recreation park with multiple arenas, fields and organized sports for you and your family.We would like to thank all those who apply in advance since only applicants selected to complete an online assessment will be contacted.ArcelorMittal Dofasco is an equal opportunity employer and encourages all qualified candidates to apply and we are committed to providing accommodations for people with disabilities to support their participation in all aspects of the recruitment and selection process. If you require accommodation, we will work with you to meet your needs.J-18808-Ljbffr