Compliance Auditor I

Hybrid: Upon agreement between you and your supervisor, you are entitled to a flexible arrangement where you will be able to split your time between working from the office and working remotely.

PURPOSE AND SCOPE:

Contributes to the mitigation of risk and ensures IT compliance with Sarbanes- Oxley (SOX) requirements.  Provides guidance, support and subject matter expertise to the FMCNA IT Regulatory function, who, in turn, works directly with IT management in documenting/testing controls and remediating identified deficiencies.  Also works closely with the external auditor SOX IT function to collaboratively determine how to best resolve identified SOX IT deficiencies. 
 
PRINCIPAL DUTIES AND RESPONSIBILITIES:


* Responsible for facilitating IT management’s documentation updates and completion of management assessment for all in-scope FMCNA IT processes. 


* Work with IT compliance management to ensure appropriately designed controls are implemented for all in-scope entities and divisions and perform testing to validate their operating effectiveness throughout the fiscal year.


* Facilitate regular meetings with the FMCNA IT Regulatory function and IT management to plan the documentation updates and testing of SOX IT controls.


* In conjunction with the FMCNA IT Regulatory Compliance function and IT management analyze SOX testing results, making recommendations to facilitate management’s remediation and/or identification of mitigating controls for all FMCNA IT deficiencies.


* Responsible for performing and facilitating access certifications of financially significant systems, including segregation of duties testing.


* Supports IT compliance management as the principal interface with the external auditor IT Audit function and the FMCNA IT functions regarding SOX IT matters.


* Assists management in preparing periodic SOX 404 reporting to the FMCKGaA SOX 404 Steering Committee.


* Performs the annual SOX 404 scoping exercise to determine if there are any changes to IT data centers, applications or related processes which should be considered to determine what is in scope for SOX 404 purposes.


* Perform IT control assessments of any new entities, divisions and processes deemed material to the financial reporting process or in the scope of the external audit.  Work with local IT management to develop and implement IT general controls where required controls are not met and define remediation for deficient controls.

Communicate SOX control requirement where necessary.


* Provide regular updates to the IT compliance management and leadership regarding the status of the SOX testing plans, the issues identified, and the decisions regarding the solutions to address the identified problems.


* Maintains current knowledge regarding changes to SOX compliance regulations and ensures that FMCNA adjusts methodologies in response to the changes by issuing guidance and instructions to the appropriate...