Senior Manager Internal Controls

Job Summary:

The Senior Internal Controls Manager will play a critical role in overseeing and improving the internal control framework, ensuring compliance with regulatory requirements (such as SOX), and managing both internal, IT, and external audit processes for a multi-billion-dollar NYSE office and residential REIT. This individual will work closely with senior leadership to assess and mitigate risks, enhance internal processes, and lead audit engagements. This role requires a hybrid expertise in external financial audits, internal audits, and IT audits, blending operational, financial, and technical control responsibilities. The ideal candidate is a hands-on leader with a solid understanding of IT risks and controls, financial, operational, and compliance audits.

Key Responsibilities:

Internal Controls and Compliance:

• Lead the development, implementation, and ongoing improvement of the company s internal control framework, ensuring alignment with Sarbanes-Oxley (SOX) requirements, IT General Controls (ITGC), and other regulatory mandates.
• Conduct risk assessments to identify key areas of financial, operational, and IT risk, and design effective control activities to mitigate those risks.
• Collaborate with process owners to ensure that appropriate control activities are embedded within business processes and aligned with the company s strategic objectives.
• Monitor, test, and report on the effectiveness of both financial and IT controls, including managing remediation of control deficiencies and improvements.
• Stay updated on evolving regulatory requirements, industry best practices related to internal controls, IT risks, and corporate governance.
• Ensure compliance with industry-specific regulations such as SOX, GDPR, and other data protection laws.

SOX Audit Management (Internal and IT):

• Plan, execute, and manage complex audit engagements, including financial, operational, and IT audits, ensuring they are conducted in accordance with professional standards and regulatory requirements.
• Oversee the annual SOX 404 assessment process, including documentation, walkthroughs, and testing of key financial and IT controls.
• Coordinate with external auditors during financial statement audits, including IT audit components, ensuring that audit requests are efficiently managed and that all audit documentation is accurate and complete.
• Lead the internal audit function, which includes performing audits across all areas financial, operational, and IT ensuring alignment with strategic risks and business priorities.
• Perform detailed reviews of audit workpapers and reports to ensure accuracy and completeness, particularly those related to IT audits (e.g., access controls, change management, data integrity).
• Knowledge of SOC 1, Type 2 and SOC 2 report reviews.
• Present audit findings and recommendations, including IT-related findings, to senior leadership, working closely with management to implement corrective actions.
• Act as a subject matter expert (SME) for internal control matters related to both financial and IT controls, providing training to business units and IT teams.

IT Audit and Risk Management:

• Lead IT audits, focusing on IT General Controls (ITGC), application controls, cybersecurity, data governance, disaster recovery, and system development life cycle (SDLC) controls.
• Assess the effectiveness of IT controls and processes, including those related to networks, databases, software applications, cloud environments, and emerging technologies. Awareness of the latest AI technologies is a plus.
• Evaluate the company's cybersecurity risk posture, including vulnerability assessments, threat management, and response to incidents, and make recommendations to improve security measures.
• Oversee the testing of system access controls, segregation of duties (SoD), change management processes, and data backup/recovery protocols.
• Collaborate with IT and related departments to ensure compliance with internal controls and alignment with enterprise risk management (ERM) strategies.
• Identify potential weaknesses in IT systems, working closely with IT teams to develop and implement corrective actions, ensuring they align with best practices and regulatory requirements.

Leadership and Team Development:

• Lead, mentor, and develop a multidisciplinary team of audit professionals, including the integration of internal and IT auditors.
• Promote a culture of continuous improvement within the audit function, identifying opportunities for automation, enhanced reporting, and better alignment with IT and business goals.
• Foster strong working relationships with key stakeholders across the business, including finance, IT, operations, and legal departments.

Reporting and Communication:

• Provide clear and actionable reports as appropriate to senior audit management regarding audit results, key financial, operational, and IT risks, and internal control weaknesses.
• Ensure open and effective communication with external auditors, regulatory bodies as applicable, and internal stakeholders on matters related to audit findings, IT control improvements, and compliance with regulatory requirements.
• Assist the Internal Controls department head (SVP of Financial Systems and Controls) in the preparation of audit committee presentations and updates to executive leadership on key financial, operational, and IT risks.

Qualifications and Skills:

• Bachelor s degree in Accounting, Finance, Information Systems, or related field. CPA, CIA, CISA, or similar certification is strongly preferred.
• Minimum of 8-10 years of combined experience in external audit (Big 4 or mid-tier firm), internal audit, and IT audit, with at least 4 years in a managerial role.
• In-depth knowledge of Sarbanes-Oxley (SOX) 404 compliance, COSO framework, IT General Controls (ITGC), and internal control best practices.
• Proven experience in leading and managing audit engagements, including financial, operational, and IT audits.
• Strong understanding of enterprise risk management (ERM) principles, cybersecurity risks, and IT risk assessment methodologies.
• Experience with IT audit frameworks, such as COBIT, NIST, ISO 27001, and familiarity with cybersecurity best practices.
• Ability to lead and motivate audit teams, manage multiple audit engagements, and work in a fast-paced environment.
• Excellent analytical, problem-solving, and communication skills.
• High attention to detail and ability to work independently with minimal supervision.

Preferred Experience:

• Experience with application and key reports review and testing.
• Experience with data analytics tools (e.g., ACL, IDEA) and SaaS audit management software (AuditBoard, Workiva, AuditProdigy, etc.).
• Experience in a publicly traded company or working within highly regulated industries.
• Highly proficient in Microsoft Excel, Word, Power Point
• Familiarity with emerging IT audit areas, such as cloud computing, robotic process automation (RPA), and AI.
• Knowledge of other regulatory frameworks, such as GDPR, and industry-specific regulations.

Compensation and Benefits:

• Competitive salary and performance-based bonuses.
• Comprehensive benefits package, including medical, dental, and vision coverage.
• Retirement plan with employer matching.
• Professional development opportunities, including training.