SOx ITGC Compliance Senior Lead - Financial Department
Listed on 2026-01-27
IT/Tech
IT Business Analyst, IT Project Manager, Cybersecurity, IT Consultant
City: Hamilton
(Permanent Position)
Join ArcelorMittal Dofasco as a SOX ITGC Compliance Senior Lead and play a pivotal role in strengthening our IT control environment. In this position, you will lead the planning, coordination, and execution of our IT General Controls SOX Compliance program—from risk assessment and scoping to testing, reporting, and remediation. Acting as a strategic advisor and liaison between IT, Finance, Control Owners, Internal Assurance, and external auditors, you will ensure our compliance practices are robust, efficient, and aligned with global standards.
Overall Responsibility:
- Lead and oversee the planning, coordination, evaluations, and reporting for the IT General Controls SOX Compliance program, from risk assessment and scoping through to reporting of results & remediation.
- Develop or localize globally issued IT SOX related requirements, policies, and compliance standards.
- Program stewardship; serve as a liaison between IT and other departments (e.g., finance, Global CIO, Internal Assurance, etc.) as well as external auditors, with respect to the IT components of the local SOX program.
- Serve as the Senior Lead advisor to the IT department to continually strengthen control posture.
Key Responsibilities:
Risk Assessment, Scoping and Program Methodology:
- Risk Assessment and Scoping: In coordination with overall SOX Program Scoping and the Account Risk Assessment (ARA), lead IT Business Application Risk Assessment (IT BARA) process to confirm IT elements in scope. Apply the IT Control Framework to in-scope systems, tools and infrastructure.
- IT SOX Methodology: Accountable for defining local IT SOX related guidance, frameworks, testing requirements and communication expectations with control owners and service providers, as appropriate.
- IT Control Documentation: Ensure development or maintenance of relevant IT controls documentation (e.g., IT BARA, IT Control Framework, risk–control matrices, narratives, flowcharts, test plans, etc.).
IT SOX Testing Delivery:
- Determine and communicate the annual testing timelines and schedule; maintain on‑time delivery of the SOX testing program.
- Collaborate with process and control owners, finance SOX leads, and relevant third‑parties to deliver a comprehensive and risk‑aligned SOX program.
- Control evaluations: Oversee and provide quality assurance over annual evaluations of design and operating effectiveness, for in‑scope controls and systems.
- Deficiency management: Identify deficiencies and root causes, develop clear, concise, practical recommendations, and ensure timely remediation. Facilitate dialogue to identify remediation plans for testing exceptions and deficiencies. In coordination with finance SOX leads, evaluate the severity of identified deficiencies.
- Effectively monitor IT SOX service provider performance with effective financial management within the allocated budget to ensure compliance with SOX requirements.
- Prepare and present periodic reports & presentations on IT SOX compliance & issues to various stakeholders both internally and externally at various levels of management.
- Collaborate with external auditors during the audit process, providing necessary documentation and addressing any audit findings related to IT SOX compliance.
- Monitor remediation against plans and timing. Coordinate and oversee remediation testing and validation processes, as required.
Liaison and stakeholder coordination:
- Coordinate and communicate effectively with global teams (e.g., GCIO) to ensure consistent and standardized IT SOX compliance practices.
- Collaborate with business process SOX teams to align IT SOX testing with overall risk assessment and scoping efforts.
- Collaborate with third‑party service providers engaged in IT SOX testing activities, ensuring clear communication, adherence to timelines, and quality deliverables.
- Engage in regular, ongoing dialogue with IT External Audit team to ensure timely provision of testing materials and coordination to reduce duplication of effort (e.g., joint walkthrough sessions).
Business engagement, remediation advisory and process improvement:
- Research, maintain currency with regulations…