Plug Power is seeking an IT SOX Manager to work with teams across the company to identify and make recommendations on information technology risk and control optimization. The ideal candidate has prior IT auditor experience and is familiar with SaaS (Software-as-a-Service) Architecture, security, support and operations. The IT SOX Manager position involves defining a controls framework, assisting in conducting assessments, and providing consulting services to management and users on information and systems risk and compliance. This includes performing IT, financial, and operational audits in order to evaluate compliance with Plug Power and public sector policies and procedures.
Core Duties and Responsibilities
- Conducts compliance assessments by understanding business objectives, structure, policies and procedures, internal controls, and external regulations
- Conduct walkthroughs and test operating effectiveness of IT General Controls (ITGCs), IT application controls (ITACs), and Key Reports for complex applications such as SAP/4HANA, Salesforce, and Workday
- Develops and maintains entity level controls (ELC’s)
- Documents systems, processes and controls using narratives, flow charts, data flow diagrams, control designs, etc.
- Performs risk assessment(s) using various industry standard frameworks
- Assesses the effectiveness of internal controls over key IT risk
- Coordination and collaboration with the internal business SOX team and critical stakeholder and liaison for external audit delivery
- Identifies and recommends business process changes resulting in strengthened internal controls
- Reviews testing approach and align expectations with control owners and external auditors to ensure key risks are addressed efficiently and that process changes are communicated and assessed timely
- Liaison with IT stakeholders, IT Compliance, external auditors, third-party internal audit co-source partner, and other stakeholders as part of project management to ensure milestones are met
- Facilitates communication with external auditors and serve as a liaison for IT stakeholders
- Identifies and shares improvement opportunities to control owners on testing and documentation in performance of the controls
- Escalates, researches, and assesses deficiencies identified and work with Management to identify an appropriate solution. Evaluate remediation activities and perform retesting to verify appropriate resolution
- Identifies opportunities for enhancements in overall SOX program efficiency and effectiveness for centralization, standardization, and automation
Education and Experience
- Bachelor's degree or equivalent in Business Administration, Computer Science, Information Systems, Mathematics, or related area of study
- 5+ years of general IT controls experience including supervisory experience
- 4+ years experience with assessing and testing IT controls for complex ERP systems to support audits.
- Demonstrated knowledge and experience in Sarbanes-Oxley (SOX) general IT control areas. Big-4 experience preferred
- Demonstrated experience leading an internal or external IT SOX audit or both
- Domain expertise and experience in utilizing various methodologies and frameworks, including COBIT, NIST, COSO, ITIL, ISO
- Experience and exposure to 27001/27002 and 27018, NIST 800-53, SOC 1 and SOC 2 Type 2 concepts, and knowledge of standard SEC rules and practices
- Deep understanding of general security, process, and technology concepts, and practices
- Excels in a fast paced and evolving environment
- Demonstrated ability to solve problems, improve processes, and document findings
- Ability to work both independently under general supervision and with a team; ability to take initiative and exercise strong independent judgment
- Effective verbal and written communications, including active listening skills, and skill in presenting findings and recommendations
- Ability to establish and maintain harmonious working relationships with co-workers, staff and external contractors/auditors, and to work effectively in a professional team environment
- CBAP/CISA/CompTIA certifications desired
- Exposure or working knowledge of SAP S/4HANA desired
Plug Power, Inc. is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.