SOx ITGC Compliance Senior Lead - Financial Department

Overview
Financial Department

SOx ITGC Senior Lead (Permanent Position)

Join Arcelor Mittal Dofasco as a SOX ITGC Compliance Senior Lead and play a pivotal role in strengthening our IT control environment. In this position, you will lead the planning, coordination, and execution of our IT General Controls SOX Compliance program—from risk assessment and scoping to testing, reporting, and remediation. Acting as a strategic advisor and liaison between IT, Finance, Control Owners, Internal Assurance, and external auditors, you will ensure our compliance practices are robust, efficient, and aligned with global standards.

This is an exciting opportunity to influence governance and risk management across a dynamic industrial manufacturing environment.

Responsibilities

Lead and oversee the planning, coordination, evaluations and reporting for the IT General Controls SOX Compliance program, from risk assessment and scoping through to reporting of results & remediation.

Develop or localize globally issued IT SOX related requirements, policies, and compliance standards.

Program stewardship; serve as a liaison between IT and other departments (e.g., finance, Global CIO, Internal Assurance, etc.) as well as external auditors, with respect to the IT components of the local SOX program.

Serve as the Senior Lead advisor to the IT department to continually strengthen control posture.

Risk Assessment, Scoping and Program Methodology: lead IT Business Application Risk Assessment (IT BARA) process to confirm IT elements in scope and apply the IT Control Framework to in-scope systems, tools and infrastructure.

IT SOX Methodology: define local IT SOX related guidance, frameworks, testing requirements and communication expectations with control owners and service providers.

IT Control Documentation: maintain IT controls documentation (e.g., IT BARA, IT Control Framework, risk-control matrices, narratives, flowcharts, test plans).

IT SOX Testing Delivery: determine and communicate annual testing timelines, collaborate with process and control owners, finance SOX leads, and relevant third-parties to deliver the program.

Control evaluations: oversee annual evaluations of design and operating effectiveness, validate test plans and procedures, and assess evidence to support conclusions on IT controls.

Deficiency management: identify deficiencies, root causes, and develop clear remediation plans; coordinate with finance SOX leads to evaluate severity and remediation timelines.

Monitor IT SOX service provider performance within budget to ensure SOX compliance.

Prepare and present periodic reports on IT SOX compliance and issues to stakeholders at various levels, including external auditors as needed.

Collaborate with external auditors during the audit process and address audit findings related to IT SOX compliance.

Monitor remediation against plans and coordinate remediation testing and validation as required.

Liaison and Stakeholder Coordination: coordinate with global teams to ensure standardized IT SOX practices; align IT SOX testing with risk assessment and scoping; communicate with third-party service providers.

Engage in ongoing dialogue with IT External Audit teams to provide testing materials and reduce duplication of effort.

Business Engagement, Remediation Advisory And Process Improvement: stay current with regulations and best practices; identify remediation opportunities and facilitate remediation discussions and validation testing.

Assess changes to technology and projects that could impact program scope; participate in governance, risk management, and compliance initiatives; provide advisory support for ITGC optimization.

Education & Accreditation

Bachelor's degree in Information Systems, Computer Science, or a related field.

Professional certifications such as Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) are preferred.

Minimum of 7 years of experience in IT audit, internal controls, or compliance, with a focus on SOX compliance.

Prior Big 4 accounting firm experience is an asset.

Experience in managing IT SOX programs through technology transformation is an asset.

Experience in leading and managing IT SOX compliance programs.

Experience in industrial manufacturing (e.g., steel) is an asset.

Knowledge

Expert knowledge of SOX requirements and leading SOX programs.

Expert knowledge of SOX internal controls framework.

Expert knowledge and practical experience in IT General Controls (ITGCs) across environments (Access Management, Change Management, System Operations, Program Development, Data Center Operations, Network Security, Database Security).

Strong understanding of IT processes, systems, and technologies including SAP ECC/S4

HANA, financial systems, infrastructure and cloud environments.

Ability to identify risks and recommend cost-effective controls.

Understanding of the steel industry; knowledge of Audit Board is an asset.

Skills

Advanced project management and team leadership skills.

Excellent verbal and written…