IT SOX Manager

at  BW Group

ABOUT US

About BW Group
BW Group is a leading global maritime company involved in shipping, floating infrastructure, deepwater oil & gas production, and new sustainable technologies. Founded in 1955 by Sir YK Pao, BW controls a fleet of over 450 vessels transporting oil, gas and dry commodities, with its 200 LNG and LPG ships constituting the largest gas fleet in the world. In the renewables space, the group has investments in solar, wind, batteries, biofuels and water treatment. BW is proud to be listed as one of Forbes World’s Best Employers 2023.
Are you ready to make an impact?
What drives us is our mission to deliver energy for the world today, and to find solutions for tomorrow. If you want to make lives better around the world by providing access to energy, while working on sustainability and decarbonisation, we’d like to hear from you. Working at BW you will feel the pulse of the world each day. If something happens in the world, we feel it, and you can play your part by anticipating and responding to it. Our high-performing teams are drawn to BW by the global nature of our work and the satisfaction of working with collaborative people who inspire each other to deliver exceptional results.

JOB DESCRIPTION

BW Group is seeking an IT SOX Manager to join our SOX Team with the responsibility to design and implement IT SOX controls to ensure compliance with Sarbanes-Oxley (SOX) regulations. Your primary focus will be on understanding end-to-end business processes and application data flows, and map them to existing IT General Controls (ITGC), IT application controls (ITACs), and business process controls, including identifying control gaps, documenting controls, testing operating effectiveness of controls and performing remediation of deficiencies identified.

Responsibilities:

• Leads the creation of a Risk Control Matrix to map controls to identified risks, ensure proper coverage and inventory of controls for each process, establish transparency and completeness of coverage with consideration on the controls frameworks such as COBIT, NIST, ISO 27000 and CIS
• Develops, directs and leads IT SOX compliance efforts, including review and tracking of IT controls design assessments, controls validation testing, and gap remediation according to Internal Audit concepts (Sarbanes-Oxley, COSO, and/or evaluations of systems of internal control) and SEC/PCAOB/SEC guidelines
• Maintains current understanding of IT audit/technology developments and emerging risks, and proactively identify IT risks and process improvement opportunities according to company-wide initiatives and changes
• Performs SOX testwork and advice to partners on policies and procedures, system implementations, regulatory and compliance requirements, application and infrastructure updates, cybersecurity, change management, asset management, business continuity and disaster recovery, and data privacy, etc.
• Collaborates with application owners to facilitate the onboarding process, providing guidance and support through the change management process to ensure proper alignment with SOX requirements, and oversees completion of required SOC 1/2 controls assessments, inventory of End User Computing (EUC) Tools and Models
• Assists with designing and deploying audit procedures and techniques for technical / IT areas such as segregation of duties and critical access, ERP configuration controls and other related areas
• Assists application owners in understanding the associated ITGC and ITAC controls for new applications being onboarded, and coordinate and conduct controls testing to assess the effectiveness and compliance of implemented controls
• Coordinates with Internal and External Auditors to support the SOX audits and reviews

QUALIFICATIONS

• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), or equivalent.
• Minimum of 7+ years of professional working experience required in IT SOX compliance, IT audit, or a similar role ; 2-3 years of Big 4 experience strongly preferred
• Strong analytical and problem-solving skills, with experience in utilising tools like Visio to visually represent application flows and identify controls from applications within the SOX scope, with experience in data analytics (e.g. ACL) and data extraction methods such as using Excel Macros, Python, R language, etc.
• Strong project management skills, with the ability to manage multiple priorities and deliver results within defined timelines
• Demonstrates excellent communication and interpersonal skills to lead and collaborate effectively with cross-functional stakeholders at all levels to create and understand comprehensive process flows, control matrices and effective completion of control documentation to facilitate mapping of upstream and downstream processes
• A diligent and effective manager who leads by example, demonstrates strong personal credibility and integrity, and works effectively as an integral part of the SOX team to achieve challenging and dynamic objectives

SKILLS

Microsoft Excel
Visio

• Leads the creation of a Risk Control Matrix to map controls to identified risks, ensure proper coverage and inventory of controls for each process, establish transparency and completeness of coverage with consideration on the controls frameworks such as COBIT, NIST, ISO 27000 and CIS
• Develops, directs and leads IT SOX compliance efforts, including review and tracking of IT controls design assessments, controls validation testing, and gap remediation according to Internal Audit concepts (Sarbanes-Oxley, COSO, and/or evaluations of systems of internal control) and SEC/PCAOB/SEC guidelines
• Maintains current understanding of IT audit/technology developments and emerging risks, and proactively identify IT risks and process improvement opportunities according to company-wide initiatives and changes
• Performs SOX testwork and advice to partners on policies and procedures, system implementations, regulatory and compliance requirements, application and infrastructure updates, cybersecurity, change management, asset management, business continuity and disaster recovery, and data privacy, etc.
• Collaborates with application owners to facilitate the onboarding process, providing guidance and support through the change management process to ensure proper alignment with SOX requirements, and oversees completion of required SOC 1/2 controls assessments, inventory of End User Computing (EUC) Tools and Models
• Assists with designing and deploying audit procedures and techniques for technical / IT areas such as segregation of duties and critical access, ERP configuration controls and other related areas
• Assists application owners in understanding the associated ITGC and ITAC controls for new applications being onboarded, and coordinate and conduct controls testing to assess the effectiveness and compliance of implemented controls
• Coordinates with Internal and External Auditors to support the SOX audits and review