Compliance Analyst - SOX

Job Requisition ID #25WD86381Position Overview Autodesk is seeking a detail-oriented and experienced Compliance Analyst to join our team and lead the SOX IT General Controls program. The successful candidate will be responsible for ensuring compliance with Sarbanes-Oxley (SOX) regulations, focusing on IT general controls, as well as harmonizing controls across our rapidly expanding portfolio of compliance reporting. This role will involve onboarding new systems to the control environment, coordinating with stakeholders on technical requirements and monitoring IT controls to safeguard the integrity and security of our financial systems.  The ideal candidate will possess a deep understanding of SOX IT General controls and how they relate to other security compliance frameworks. They will also have substantial technical AWS knowledge and the ability to assess and explain compliance requirements effectively. This senior-level role is crucial in ensuring our systems and processes comply with industry standards and regulatory requirements by working closely with control owners and implementing automation for evidence collection and testing. The Compliance Analyst role will play a key role in managing the flow of audit requests, scope of the external testing, and work closely with our Audit & Advisory Services Team to ensure compliance by design as new systems are added to scope. They will interface with our external auditors to represent Autodesk’s robust SOX control environment and the critical security controls maintained.  Responsibilities Conduct thorough assessments of IT general controls to ensure compliance with SOX requirementsPrepare and present detailed reports on compliance status, audit findings, and remediation plans to senior management and stakeholders Collaborate with IT and business teams to design, implement, and maintain effective IT controlsPerform regular management over testing of IT general controls, including access controls, change management, data backup, and recovery processesIdentify control deficiencies and work with stakeholders to develop and implement remediation plansDocument and maintain comprehensive records of control testing and assessment resultsProvide support during internal and external audits, including coordinating with auditors and providing necessary documentationStay current with industry best practices and regulatory requirements related to SOX compliance and IT controls as well as SOC2, ISO, PCI, NIST, and other cloud-centric security frameworksDevelop and deliver training programs to educate team members on SOX IT control requirements and best practicesLead complex projects and initiatives related to security compliance, ensuring timely and successful execution Minimum Qualifications Minimum of 4-5 years of experience in SOX 404 IT General Controls auditing, IT assurance, security compliance, information security, or a related field, with a strong technical background Strong understanding of SOX 404 regulations, IT general controls, financial systems audit, and requirements for these in on premise systems and cloud systemsExperience in assessing security controls and explaining compliance requirements to technically minded control owners Proficiency in implementing automation for evidence collection and experience in self-review of submitted evidence for access management, change management, segregation of duties, and configuration management controlsExcellent communication and interpersonal skills, with the ability to clearly articulate technical concepts to both technical and non-technical stakeholders Demonstrated ability to lead and manage complex projects, including planning, execution, and delivery Experience with cloud security and compliance (e.g., AWS, Azure, Google Cloud) is highly desirable Preferred QualificationsBachelor's degree in information technology, Computer Science, Accounting, or a related field. relevant certifications (e.g., CISSP, CISM, CISA) preferredIn-depth knowledge of security compliance frameworks, standards, and regulations (e.g., SOX 404, ISO 27001, SOC2, NIST, GDPR, CCPA, HIPAA) Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions Experience with IT control frameworks such as COBIT, NIST, or ISO 27001Proficiency in using audit and compliance tools and softwareExcellent analytical and problem-solving skillsStrong communication and interpersonal skills, with the ability to work collaboratively with cross-functional teamsDetail-oriented with the ability to manage multiple tasks and prioritiesProfessional certifications such as CISA, CISSP, or CPA are a plusLearn MoreAbout AutodeskWelcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.We take great pride in our culture here at Autodesk – our Culture Code is at the core of everything we do. Our values and ways of working help our people thrive and realize their potential, which leads to even better outcomes for our customers.When you’re an Autodesker, you can be your whole, authentic self and do meaningful work that helps build a better future for all. Ready to shape the world and your future? Join us!Salary transparencySalary is one part of Autodesk’s competitive compensation package. Offers are based on the candidate’s experience and geographic location. In addition to base salaries, we also have a significant emphasis on discretionary annual cash bonuses, commissions for sales roles, stock or long-term incentive cash grants, and a comprehensive benefits package.Diversity & BelongingWe take pride in cultivating a culture of belonging and an equitable workplace where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity-and-belongingAre you an existing contractor or consultant with Autodesk? Please search for open jobs and apply internally (not on this external site).