Internal IT SOX Controller

Location Paris Start Date End March, Paris La Defense, flexible remote work Duration 1 year
Language English and French Other language apreciated
Cutomer  must comply with the SOX requirements (i.e. 404 A & B)
IT organization is largely centralized even though some teams are deployed within the geographical and business areas.

Located in La Defense (Flexible scheme with remote working). 

      Master Degree in Engineering or Finance with IT skills
      At least 3 to 7 years post qualification experience in IT Audit, SOX, Security, GRC Governance, Risk and Compliance
      Good knowledge on IT Processes and standard referential (ex. ITIL, Cobit, COSO)
      Excellent communication skills in a multicultural and technical environment, fluent in English (other language(s) would be appreciated)
      Demonstrated good working knowledge of MS Office
      Excellent planning, time management and communication skills
      Flexible working hours during peak business periods
      Ability to work independently and as part as a team as required
      Knowledge in internal controls models deployed in ERPs environment
      Demonstrable business process and internal control knowledge skills
      Design and management of communication tools
      Facilitation skills (mentoring, workshops, scenario building )

The Internal Control (IC) Central team is looking for an IT Internal Controller to:
      contribute to and support the IT internal controls assessment process performed in liaise with the IT Applications and Process Owners,
      perform and consolidate IT systematic testing, carry on some part of the activity,
      develop automated testing based on business analytics,
      contribute to the reporting module of the GRC application BWise,
      ensure the training of end users/testers as well as the design and management of the IC communication tools.

The IT Internal Controller’s role will be to oversight and contribute to the full implementation and run of the IT IC program for the Group to meet SOX requirements. These activities require a close and permanent coordination with the various teams, Application and Processes Owners and Experts involved.

The consultant will quickly need to gain a clear understanding of the IT business and processes, establish credibility, authority and good working relationship with your line Manager and the wider organization.

Manage IT internal controls assessment performed by and with the IT team

      Make sure the IT IC self-assessment campaign will be timely completed by the ERP/Application Owners, and the Process Owners
      Maintain articulation between IT- Risk & Compliance Team, Shared Services IC staff and IC team members
      Review the control execution implemented by the Control Owners to mitigate our key risks
      Maintain permanent contact with IT correspondents
      Make sure that internal controls IT assessments are conducted in compliance with Group Standards & Policies, with the appropriate documentation, evidence and testing workpapers
      Make sure that BWise processes are applied and timely managed
      Anticipate on issues that may prevent to meet the deadlines
      Follow-up on remediation actions and input in reporting
      Contribute to the IT yearly IC evaluation reports

Contribute in the  process of integrating business controls into IT applications
      Propose areas where business controls can leverage with IT applications
      Organize and manage workshops for the selected areas, possibly involving some business people
      Manage remote staff who performs testing and formalize workpaper under his/her responsibility
      Perform and document some assessments and testing
      Provide inputs in the workshops, design revised controls embedded in IT applications, identify possible new risks, propose mitigation controls and summarize outcomes for validation
      Follow-up on standard framework upgrade and deployment

Develop IT automated controls to support some Business controls
      Use data analytics tools
      Specify, build, document and maintain the selected controls
      Execute the controls and automatize them as far as possible
      Build the communication process to make these controls effective
      Prepare the transfer of the mature controls to Share Services staff and ensure the execution monitoring them


Date of publication
Published by
Contract type

Forward Position