Analyst - IT Audit [T500-19742]

ANSR is hiring for one of its clients.About ArcelorMittal:ArcelorMittal was formed in 2006 from the strategic merger of European company Arcelor and Indian-owned Mittal Steel. Over a journey of two decades, we have emerged as the world's leading steel and mining company, exerting our influence across 60+ countries with a robust industrial footprint in 18.We are a global team of 158,00+ talented individuals committed to building a better world with smarter low-carbon steel. Our strategies are not just about scale; they're also about leading a transformative change where innovation meets sustainability. We supply to major global markets from automotive and construction to household appliances and packaging supported by world-class R&D and distribution networks.ArcelorMittal Global Business and Technologies in India is our new hub of technological innovation and business solutions. Here, you'll find a thriving community of business professionals and technologists who bring together diverse and unique perspectives and experiences to disrupt the global steel manufacturing industry. This fusion ignites groundbreaking ideas and unlocks new avenues for sustainable business growth.We nurture a culture fueled by an entrepreneurial spirit and a passion for excellence, which prioritizes the advancement and growth of our team members. With flexible career pathways and access to the latest technology and business tools, we offer a space where you can learn, take ownership, and face exciting challenges every day.Position Summary:SOx ITGC SpecialistOur Global IT Compliance Office is looking to build a SOX ITGC Testing and Quality Assurance team to perform testing and independent testing groupwide. This includes.ITGC control testing.Documentation of Test Results in Audit board.Registering GAPS in Auditboard for non-effective controls.Quality Assurance Reviews of Test Work Papers in AuditboardProactively checking for the timeline respect for all the SegmentsMaking completion check reviews.Generating compliance reporting / dashboardingEnsuring all documentation complies to PCAOB standards.Our annual process starts with the revision of our SOX ITGC Framework, taking into accounts the experience from the previous year (lessons learned from our Internal Audit and our External auditors), the scope revision, the planning definition… Three testing steps (Round1, Round2, Roll Forward) are planned to cover the SOX risks over the full year.Responsibilities:ITGC Audit Execution:Conduct comprehensive assessments of IT General Controls (ITGC) impacting financial reporting.Evaluate the design and operating effectiveness of controls related to:Access Management: User provisioning, de-provisioning, access reviews, privileged access management, and segregation of duties (SoD).Change Management: System and application changes, patch management, development, testing, and promotion to production environments.IT Operations: System monitoring, job scheduling, backup and recovery procedures, incident management, and data center physical and environmental security.Program Development: Controls over system development lifecycle (SDLC) processes.Information Security: Cybersecurity measures, data loss prevention, and vulnerability management.Perform risk assessments to identify potential IT threats and vulnerabilities that could impact the integrity of financial data.Conduct detailed control testing, including walkthroughs, inspection of evidence, re-performance, and inquiry.Analyze audit evidence and document work papers with precision and detail, adhering to internal audit standards and regulatory requirements.Control Deficiency Identification and Remediation:Identify and evaluate control deficiencies, communicating findings clearly and concisely to control owners and management.Collaborate with IT and business process owners to understand root causes of deficiencies and assist in developing effective remediation plans.Monitor and track the progress of remediation efforts to ensure timely and effective closure of identified issues.Reporting and Communication:Assist in the preparation of audit reports, detailing audit scope, objectives, findings, and recommendations.Present audit findings and recommendations to senior management and external auditors.Liaise effectively with internal stakeholders (e.g., SOx Compliance team, Internal Audit, IT departments) and external auditors to facilitate SOx compliance efforts and address audit inquiries.General:Stay current with SOx regulations, PCAOB auditing standards, and evolving IT risk and control best practices (e.g., COBIT, NIST CSF, ITIL).Contribute to the continuous improvement of the ITGC audit methodology, processes, and documentation.Educate IT and business process owners on SOx ITGC requirements, risks, and controls.Review ITGC Scoping Exercises performed by the segments.Check all Segments’ RCMs (Risk Control Matrixes) for appropriateness regarding the respective BARA (Business Application Risk Assessment) files describing the scopesITGC Testing and documenting results in Auditboard as per approved RCMs.Assisting segments with training, best practices sharing (some entities being less mature than others: new scopes, new projects…), expertise, gaps remediationIndependent Quality Assurance reviews of Test Work Papers in AuditboardProactive monitoring of Segments regarding the predefined timeline, compliance status, deficiencies, and remediation progress with periodic reporting (control performance, open deficiencies…Supporting the central IT Compliance team in front of the internal and external auditors when required.Qualifications:BE / BTech / Any Master's Degree2 years of experience in IT audit, ITGC, SOx compliance, or a related risk advisory role, preferably within a large, global organization. Big Four experience is a plus. Certifications (one or more preferred):Certified Information Systems Auditor (CISA)Certified Internal Auditor (CIA)Certified Information Security Manager (CISM)Certified Public Accountant (CPA)CISSP (Certified Information Systems Security Professional)Strong understanding of:Sarbanes-Oxley Act (SOx) Section 302 and 404 requirements.PCAOB Auditing Standards related to internal controls over financial reporting.IT General Controls (ITGC) domains (e.g., Access Management, Change Management, IT Operations, Program Development, Information Security).Common IT control frameworks (COBIT, NIST, ITIL).IT risks, processes, and controls across various technologies (e.g., ERP systems like SAP/Oracle, operating systems like Windows/UNIX/Linux, databases like Oracle/MSSQL, cloud platforms like AWS / Azure / Google Cloud).Application security, user access management, and privileged access management principles.Skills:Excellent analytical, problem-solving, and critical thinking skills with strong attention to detail.Strong written and verbal communication skills, with the ability to explain complex technical issues to non-technical audiences.Ability to work independently and manage multiple tasks and deadlines in a fast-paced environment.Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint, Visio).Ability to build strong relationships and collaborate effectively with diverse teams.Proactive, self-starter, and result oriented.Qualification and Experience:Experience 2-4 YearsOur Values:Safety: We prioritize a proactive safety-first culture where every employee is empowered to identify and address risks, ensuring a safe working environment for all.Sustainability: We aim for long-term profitability by adapting to evolving social and environmental trends, investing in a circular and decarbonized future for steel, and contributing to a better world.Quality: We strive for excellence in products, processes, and performance through innovation, operational expertise, and a commitment to exceeding customer expectations.Leadership : We maintain a leading position through visionary thinking, a willingness to challenge conventions, and a drive to redefine steel for a new generation through innovation and strategic partnerships.