Requisition ID: 31772
Note: This job posting is to fill an existing vacancy.
Do you want to work at one of Hamilton-Niagara's Top Employers and a Canada's Top Employer for Young People?
We’re looking for people who are driven by excellence to work with innovative technology to create the material tomorrow’s world will be made of.
At ArcelorMittal Dofasco, we play a key role in North America’s advanced manufacturing supply chain working with the top automotive, energy, packaging, and construction brands to develop lighter, stronger and more sustainable steel products – from cans to cars.
We are embarking on a plan to transform our steelmaking production methods to significantly reduce greenhouse gas emissions in the short term, with the goal of achieving net zero by 2050. Our dedication to revolutionizing steelmaking as part of the climate change solution reinforces our status as a leader in North America.
ArcelorMittal Dofasco is Hamilton's largest private sector employer with more than 4,500 employees, shipping 4.5 million net tons of high quality flat carbon steel annually. Our iconic tagline "Our Product is Steel. Our Strength is People." is a true expression of our belief that our people are our competitive advantage.
ArcelorMittal Dofasco Job Posting
Financial Department
SOx ITGC Senior Lead
(Permanent Position)
Join ArcelorMittal Dofasco as a SOX ITGC Compliance Senior Lead and play a pivotal role in strengthening our IT control environment. In this position, you will lead the planning, coordination, and execution of our IT General Controls SOX Compliance program—from risk assessment and scoping to testing, reporting, and remediation. Acting as a strategic advisor and liaison between IT, Finance, Control Owners, Internal Assurance, and external auditors, you will ensure our compliance practices are robust, efficient, and aligned with global standards. This is an exciting opportunity to influence governance and risk management across a dynamic industrial manufacturing environment.
Overall Responsibility:
• Lead and oversee the planning, coordination, evaluations and reporting for the IT General Controls SOX Compliance program, from risk assessment and scoping through to reporting of results & remediation.
• Develop or localize globally issued IT SOX related requirements, policies, and compliance standards.
• Program stewardship; serve as a liaison between IT and other departments (e.g., finance, Global CIO, Internal Assurance, etc.) as well as external auditors, with respect to the IT components of the local SOX program.
• Serve as the Senior Lead advisor to the IT department to continually strengthen control posture.
Key Responsibilities:
Risk Assessment, Scoping and Program Methodology:
• Risk Assessment and Scoping: In coordination with overall SOX Program Scoping and the Account Risk Assessment (ARA), lead IT Business Application Risk Assessment (IT BARA) process to confirm IT elements in scope. Apply the IT Control Framework to in-scope systems, tools and infrastructure.
• IT SOX Methodology: Accountable for defining local IT SOX related guidance, frameworks, testing requirements and communication expectations with control owners and service providers, as appropriate.
• IT Control Documentation: Ensure development or maintenance of relevant IT controls documentation (e.g., IT BARA, IT Control Framework, risk-control matrices, narratives, flowcharts, test plans, etc.)
IT SOX Testing Delivery:
• Determine and communicate annual testing timelines, schedule; maintain on-time delivery of the SOX testing program.
• Collaborate with process and control owners, finance SOX leads, and relevant third-parties to deliver a comprehensive and risk-aligned SOX program.
• Control evaluations: Oversee and provide quality assurance over annual evaluations of design and operating effectiveness, for in-scope controls and systems. This includes validation of test plans and procedures, review of walkthroughs and operating effectiveness testing and the level of evidence within working files to support conclusions over the effectiveness of IT controls.
• Deficiency management: Identify deficiencies, root causes, and develop clear, concise, practical recommendations and ensure timely remediation. Facilitate dialogue to identify remediation plans for testing exceptions, deficiencies. Coordinate with finance SOX leads, evaluate severity of identified deficiencies.
• Effectively monitor IT SOX service provider performance with effective financial management within the allocated budget to ensure compliance with SOX requirements.
• Prepare and present periodic reports & presentations on IT SOX compliance & issues to various stakeholders both internally and externally at various levels of management
• Collaborate with external auditors during the audit process, providing necessary documentation and addressing any audit findings related to IT SOX compliance.
• Monitor remediation against plans, timing. Coordinate and oversee remediation testing and validation processes, as required.
Liaison and stakeholder coordination:
• Coordinate and communicate effectively with global teams (e.g., GCIO) to ensure consistent and standardized IT SOX compliance practices.
• Collaborate with business process SOX teams to align IT SOX testing with overall risk assessment and scoping efforts.
• Collaborate with third-party service providers engaged in IT SOX testing activities, ensuring clear communication, adherence to timelines, and quality deliverables.
• Engage in regular, ongoing dialogue with IT External Audit team to ensure timely provision of testing materials and coordination to reduce duplication of effort (e.g., joint walkthrough sessions).
Business engagement, remediation advisory and process improvement:
• Research, maintain currency with regulations and industry best practices related to IT controls and SOX compliance.
• Collaborate with IT Department and business process owners to identify remediation plans or opportunities for strengthening IT controls and streamlining compliance processes. Facilitate remediation discussions, validation testing, as required.
• Inquire and maintain an understanding of system development, key projects and potential changes to technology that could impact program scope. Identify gaps, support project team in designing and controls, and assessing the design and operating effectiveness of controls.
• Participate in projects aimed at improving overall governance, risk management, and compliance frameworks. This may include business engagement meetings, facilitation or co-facilitation of training and awareness sessions and presentations to stakeholders.
• Provide advice and recommendations as necessary to strengthen and optimize ITGCs within the IT Department and lead the implementation, where needed.
Education & Accreditation:
• Bachelor's degree in Information Systems, Computer Science, or a related field.
• Professional certifications such as Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) are preferred.
• Minimum of 7 years of experience in IT audit, internal controls, or compliance, with a focus on SOX compliance.
• Prior Big 4 accounting firm experience is an asset.
• Experience in managing IT SOX programs through technology transformation is an asset.
• Experience in leading and managing IT SOX compliance programs.
• Experience in industrial manufacturing (e.g., steel) is an asset.
Knowledge:
• Expert knowledge of SOX requirements and leading SOX programs.
• Expert knowledge of SOX internal controls framework.
• Expert knowledge and practical experience in designing, evaluating, and testing various IT General Controls (ITGCs) across different technology environments, including but not limited to:
o Access Management (e.g., user provisioning, privileged access, segregation of duties, logical access reviews across applications, databases, and operating systems).
o Change Management (e.g., development, testing, and promotion to production, emergency changes, system configurations, patch management).
o System Operations (e.g., job scheduling, data backups and recovery, incident management, monitoring).
o Program Development (e.g., secure coding practices, system development lifecycle controls).
o Data Center Operations (where applicable).
o Network Security Controls (relevant to SOX scope).
o Database Security Controls.
• Advanced understanding of an audit advisory role.
• In-depth knowledge of IT controls, their application within a SOx environment, risk management frameworks, and industry standards (e.g., COBIT, COSO).
• Strong understanding of IT processes, systems, and technologies, including critical business applications (e.g., SAP ECC/S4HANA, financial systems), underlying infrastructure (servers, databases, networks), and cloud environments.
• Ability to identify risks and recommend cost-effective controls.
• Understanding of the steel industry.
• Knowledge in Audit Board is an asset.
• Deep understanding of how IT controls integrate with and support business process controls
Skills:
• Advanced project management, coordination skills and experience leading and managing teams.
• Excellent communication (verbal and written) skills are required.
• Excellent interpersonal skills are required.
• Excellent presentation skills are required.
• Strategic thinker with strong analytical skills and problem-solving ability.
• Excellent organizational and time-management skills are required.
• Strong inf
