Requirements: English
Company: Sylvamo Global Business Services Center
Region: Kraków, Lesser Poland Voivodeship
technologies-expected:
- SAP GRC
- Microsoft Excel
- Microsoft Power BI
responsibilities:
- Audit & Compliance:
- Act as the primary coordination point within IT for SOX and other IT audit activities, collaborating with both internal and external audit teams.
- Facilitate communication of IT-specific control requirements, testing schedules, and documentation needs.
- Ensure IT ownership of controls by providing comprehensive input on design and operation, while aligning with Audit standards and requirements.
- Collaborate with auditors to understand IT-related findings and recommended remediation actions stemming from SOX, cybersecurity, or other audits.
- Work closely with IT teams to prioritize and complete remediation efforts, ensuring alignment with audit timelines.
- Partner with Audit, which maintains the central repository of IT-related deficiencies, to help track their status and escalate any risks or delays to relevant leadership.
- IT Control & Risk Management:
- Assist in reviewing and refining IT control documentation based on Audit guidance and regulatory requirements.
- Monitor changes in IT systems or processes that could impact control design or audit scope, communicating those changes to Audit.
- Oversee SAP GRC, including monitoring access to sensitive transactions and ensuring compliance with the Firefighter access process, promptly addressing any issues with unauthorized or inappropriate use.
- Promote a culture of compliance by sharing best practices for effective control operation and documentation throughout IT.
- Continuously assess the IT environment for emerging risks and vulnerabilities.
- Develop and recommend preventive measures or process improvements to mitigate identified risks before they materialize into audit issues or security incidents.
- Lead proactive initiatives that reinforce IT control robustness and reduce the likelihood of noncompliance.
- Coordinate and conduct internal assessments to ensure that all systems are adequately protected in line with prior cyber, SOX, and other audit recommendations.
- Validate that existing IT security measures and controls meet or exceed recommended standards, escalating any gaps or vulnerabilities for remediation.
- Collaborate with IT security teams to align cybersecurity efforts with SOX and other regulatory frameworks, ensuring holistic protection and compliance.
- Governance & Stakeholder Management:
- Collaborate with IT stakeholders to develop, update, and maintain clear, consistent policies and procedures for all IT compliance requirements.
- Ensure documentation standards meet Audit expectations and accurately reflect current operations.
- Support business process owners in understanding how changes to IT systems or processes affect documented controls.
- Partner with IT leadership, business unit leaders, and functional teams to embed IT-related audit considerations (including SOX) into strategic and operational decisions.
- Ensure that compliance priorities are well understood and adequately resourced across the organization.
- Define, track, and report on key performance indicators (KPIs) and key risk indicators (KRIs) related to the IT control environment (e.g., number of open deficiencies, audit testing coverage).
- Provide regular updates to management and ITLT on the status of IT controls, remediation efforts, and cybersecurity initiatives.
- Training & Tools:
- Collaborate with Audit to oversee or assist with tools and software that support IT control documentation, testing, and reporting.
- Advocate for technology solutions that streamline compliance and strengthen the IT control environment.
- Develop and deliver training programs to help IT staff and business stakeholders understand IT-related audit requirements and their roles in control execution.
- Promote awareness campaigns on IT compliance and cybersecurity best practices.
requirements-expected:
- 5-10 years of experience in similar roles/industry.
- Fluency in English.
- Deep knowledge of IT General Controls, application controls, and relevant frameworks (e.g., COSO, COBIT, NIST) as well as practical experience implementing and testing them.
- Familiarity with PCAOB and ISACA guidelines and with aligning IT controls accordingly.
- Hands-on experience collaborating with internal or external auditors (Big Four experience is a plus).
- Understanding of SOX Section 404, GDPR, HIPAA, and PCI-DSS.
- Proficiency in SAP GRC for monitoring sensitive transactions and overseeing Firefighter access.
- Familiarity with Governance, Risk, and Compliance (GRC) platforms.
- Knowledge of ISO 27001, NIST CSF, incident response, vulnerability management.
- Abilit