One of Millenilink’s clients is hiring a Senior IT Controls Consultant with deep expertise in SOX IT General Controls (ITGC) and IT Application Controls (ITAC) testing. This individual will play a critical role in supporting multiple engagements, working directly with controls owners and audit teams to ensure compliance and thorough control effectiveness testing. The role requires someone who can work independently, communicate clearly with stakeholders, and provide hands-on execution of end-to-end IT controls testing.

Key Responsibilities

SOX ITGC Support & Testing

Support IT control owners to understand and comply with ITGC evidence and audit requirements

Conduct walkthroughs, collect evidence, and identify exceptions for ITGC and ITAC controls

Perform control design and operating effectiveness testing, including exception handling

Pre-review documentation before submission to Internal and External audit teams

Independently test key controls such as Privileged access, Logical access provisioning, Change management, Configuration management

Stakeholder Engagement

Educate and collaborate with control owners to close gaps and clarify compliance needs

Clearly articulate what auditors are looking for and how controls are validated in practice

Present testing results and deviations in a clear, concise manner

Consulting Competence

Share best practices and support remediation planning

Understand the broader implications across other domains such as Information Security and Network Controls

Required Experience & Skills

Must-Haves:

• Hands-on experience testing ITGCs and ITACs in a SOX environment

• Ability to independently take a control, conduct a full end-to-end walkthrough, and perform testing

• Strong understanding of key elements of control testing (design, operating effectiveness, exceptions)

• Proven ability to clearly explain controls, testing processes, and results to stakeholders

Preference Given To:

• Candidates with Big 4 Consulting backgrounds

• Demonstrated experience across multiple IT control domains (not only access controls)

• Ability to work with minimal supervision while maintaining a high degree of quality and accuracy

Nice-to-Have:

• Broader experience in IT risk, governance, audit, or advisory