Compliance Analyst - SOX

Job Requisition ID #

Position Overview

Autodesk is seeking a detail-oriented and experienced Compliance Analyst to join our team and lead the SOX IT General Controls program. The successful candidate will be responsible for ensuring compliance with Sarbanes-Oxley (SOX) regulations, focusing on IT general controls, as well as harmonizing controls across our rapidly expanding portfolio of compliance reporting. This role will involve onboarding new systems to the control environment, coordinating with stakeholders on technical requirements and monitoring IT controls to safeguard the integrity and security of our financial systems.

The ideal candidate will possess a deep understanding of SOX IT General controls and how they relate to other security compliance frameworks. They will also have substantial technical AWS knowledge and the ability to assess and explain compliance requirements effectively. This senior-level role is crucial in ensuring our systems and processes comply with industry standards and regulatory requirements by working closely with control owners and implementing automation for evidence collection and testing. The Compliance Analyst role will play a key role in managing the flow of audit requests, scope of the external testing, and work closely with our Audit & Advisory Services Team to ensure compliance by design as new systems are added to scope. They will interface with our external auditors to represent Autodesk’s robust SOX control environment and the critical security controls maintained.

Responsibilities

• Conduct thorough assessments of IT general controls to ensure compliance with SOX requirements.

• Prepare and present detailed reports on compliance status, audit findings, and remediation plans to senior management and stakeholders.

• Collaborate with IT and business teams to design, implement, and maintain effective IT controls.

• Perform regular management over testing of IT general controls, including access controls, change management, data backup, and recovery processes.

• Identify control deficiencies and work with stakeholders to develop and implement remediation plans.

• Document and maintain comprehensive records of control testing and assessment results.

• Provide support during internal and external audits, including coordinating with auditors and providing necessary documentation.

• Stay current with industry best practices and regulatory requirements related to SOX compliance and IT controls as well as SOC2, ISO, PCI, NIST, and other cloud-centric security frameworks.

• Develop and deliver training programs to educate team members on SOX IT control requirements and best practices.

• Lead complex projects and initiatives related to security compliance, ensuring timely and successful execution.

Minimum Qualifications

• Minimum of 4-5 years of experience in SOX 404 IT General Controls auditing, IT assurance, security compliance, information security, or a related field, with a strong technical background.

• Strong understanding of SOX 404 regulations, IT general controls, financial systems audit, and requirements for these in on-premise systems and cloud systems.

• Experience in assessing security controls and explaining compliance requirements to technically minded control owners.

• Proficiency in implementing automation for evidence collection and experience in self-review of submitted evidence for access management, change management, segregation of duties, and configuration management controls.

• Excellent communication and interpersonal skills, with the ability to clearly articulate technical concepts to both technical and non-technical stakeholders.

• Demonstrated ability to lead and manage complex projects, including planning, execution, and delivery.

• Experience with cloud security and compliance (e.g., AWS, Azure, Google Cloud) is highly desirable.

Preferred Qualifications

• Bachelor's degree in information technology, Computer Science, Accounting, or a related field. Relevant certifications (e.g., CISSP, CISM, CISA) preferred.

• In-depth knowledge of security compliance frameworks, standards, and regulations (e.g., SOX 404, ISO 27001, SOC2, NIST, GDPR, CCPA, HIPAA).

• Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.

• Experience with IT control frameworks such as COBIT, NIST, or ISO 27001.

• Proficiency in using audit and compliance tools and software.

• Excellent analytical and problem-solving skills.

• Strong communication and interpersonal skills, with the ability to work collaboratively with cross-functional teams.

• Detail-oriented with the ability to manage multiple tasks and priorities.

• Professional certifications such as CISA, CISSP, or CPA are a plus.

Learn More

About Autodesk
Welcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.

We take great pride in our culture here at Autodesk – our Culture Code is at the core of everything we do. Our values and ways of working help our people thrive and realize their potential, which leads to even better outcomes for our customers.

When you’re an Autodesker, you can be your whole, authentic self and do meaningful work that helps build a better future for all. Ready to shape the world and your future? Join us!

Salary transparency

Salary is one part of Autodesk’s competitive compensation package. Offers are based on the candidate’s experience and geographic location. In addition to base salaries, we also have a significant emphasis on discretionary annual cash bonuses, commissions for sales roles, stock or long-term incentive cash grants, and a comprehensive benefits package.

Diversity & Belonging
We take pride in cultivating a culture of belonging and an equitable workplace where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity-and-belonging

Are you an existing contractor or consultant with Autodesk?

Please search for open jobs and apply internally (not on this external site).