Group IT SOX Analyst
Lesaka Technologies
Johannesburg, Gauteng
IT roles span help desk, support, networking and software development, and remain one of SA's most in-demand and best-paid skill areas.
This listing does not state a salary. As a guide, it roles in South Africa typically pay R18 000 to R65 000 a month (indicative).
Job description
As the Group IT SOX Analyst, you will support the delivery of the Group's IT SOX compliance programme by assisting with the execution of IT SOX activities across the organisation. Working closely with the Group IT SOX Controller, you will help identify and assess IT risks, evaluate IT controls, support audit activities, and contribute to the continuous improvement of the IT control environment.
This role provides operational and analytical support across IT General Controls (ITGCs), IT Application Controls (ITACs), Information Produced by the Entity (IPE), third-party assurance (SOC reports), and SOX-related project activities.
Key Responsibilities
IT SOX Compliance & Control Testing
- Execute the annual IT SOX testing programme under the direction of the Group IT SOX Controller.
- Perform design and operating effectiveness testing of IT General Controls (ITGCs), IT Application Controls (ITACs), Information Produced by the Entity (IPE), and third-party assurance controls.
- Prepare high-quality audit working papers and maintain complete supporting documentation.
- Track testing progress and follow up on outstanding evidence with control owners.
- Assist with documenting testing exceptions and remediation actions.
- Monitor remediation activities and validate corrective actions where required, including remediation testing.
IT SOX Project Support
- Support IT projects (system implementations, upgrades, migrations, decommissioning, and enhancements) by identifying potential SOX impacts and advising mitigating control activities to be incorporated into processes.
- Assist in performing SOX impact assessments for new systems, applications, interfaces, and technology changes.
- Help identify new or modified ITGCs and IT Application Controls resulting from project activities.
- Document control changes and maintain supporting project documentation.
- Assist project teams with understanding SOX documentation requirements.
- Support the maintenance of project risk assessments and action trackers.
IT Application Controls (ITACs)
- Assist in documenting and maintaining IT Application Controls across in-scope systems.
- Evaluate automated controls for design effectiveness.
- Support testing of system configurations, automated workflows, interfaces, and validation controls.
- Confirm that automated controls continue to operate effectively following system changes.
- Assist in identifying manual controls incorrectly classified as automated and escalate observations where appropriate.
- Identify opportunities for automation of controls.
Information Produced by the Entity (IPE)
- Support reviews of system-generated reports used in SOX controls.
- Verify report parameters, filters, completeness, and accuracy.
- Assist in documenting IPE validation procedures.
- Maintain evidence supporting report completeness and accuracy.
- Support ongoing monitoring of report changes following system updates.
Third-Party Assurance (SOC Reports)
- Assist in reviewing SOC reports for third-party service providers.
- Support assessment of Complementary User Entity Controls (CUECs).
- Monitor SOC report expiry dates and obtain updated reports.
- Assist in documenting reliance assessments and identified gaps.
- Track remediation activities relating to third-party assurance findings.
Governance & Audit Support
- Prepare documentation for walkthroughs and control discussions.
- Assist with maintaining Risk and Control Matrices (RACMs).
- Support updates to the IT SOX control library.
- Maintain documentation standards and version control.
- Assist with periodic SOX reporting and dashboard preparation.
Continuous Improvement
- Identify opportunities to improve IT SOX processes and documentation.
- Support the development of templates, checklists, and standard operating procedures.
- Assist with maintaining process documentation and knowledge repositories.
- Contribute to automation initiatives that improve SOX efficiency.
- Keep up to date with changes in SOX, COSO, PCAOB, and emerging IT risks.
What You'll Bring
Qualifications
- Bachelor’s degree in Information Systems, Information Technology, Internal Audit, or a related field.
- CISA certification will be advantageous.
Experience
- 2–4 years' experience in IT Audit, IT SOX, IT Risk, Internal Audit, or IT Controls.
- Experience performing IT General Controls testing.
- Exposure to IT Application Controls, IPE, and SOX documentation.
- Experience working with audit documentation or GRC tools.
- Exposure to ERP systems such as Microsoft Dynamics, Sage, or similar platforms would be advantageous.
Technical Skills
Knowledge of:
- SOX Section 404 requirements.
- COSO Internal Control Framework.
- IT General Controls.
- IT Application Controls.
- Information Produced by the Entity (IPE).
- Third-party assurance (SOC 1/SOC 2).
- User Access Management.
- Change Management.
- IT Operations.
- Backup and Recovery controls.
- SDLC principles.
- Microsoft Office Suite (Excel, Word, PowerPoint).
- Audit management platforms.
Behavioural Competencies
- Strong analytical and problem-solving skills.
- Excellent attention to detail.
- Strong organisational and planning abilities.
- Good written and verbal communication skills.
- Ability to build positive working relationships with stakeholders.
- Ability to work independently while knowing when to escalate matters.
- Willingness to learn and continuously improve.
- Adaptable and able to work effectively in a fast-paced environment.
- High level of integrity, professionalism, and accountability.
Good to know
What does this it job pay?
This listing does not state a salary. As a guide, it roles in South Africa typically pay R18 000 to R65 000 a month (indicative).
Do I need experience for it jobs in Johannesburg?
This it role may ask for some experience or a relevant qualification. Read the listing for the specifics before you apply.
How do I apply for this job?
Tap "Apply on Indeed" to open the original listing, where you can read the full description and apply directly. JobsZA never charges you to apply, and you should never pay money to get a job.
Found on Indeed · Posted Yesterday