Role: Senior Risk Management (SOX Controls, Oversight & Advisory)
Location: Atlanta, GA
Role Overview
The Senior Risk Management Professional will be responsible for defining, designing, independently reviewing, and strengthening SOX Information Technology controls across the organization. This role demands deep expertise in SOX control design and operating effectiveness, deficiency management, evidence validation, audit support, and remediation advisory.
The role functions as an independent second line assurance ("watch the watchers"), providing oversight over control design, execution, testing quality, audit readiness, and ensuring SOX compliance KPIs are strictly met.
Key Responsibilities
SOX Controls Design, Review & Oversight
Define, design, review, and independently assess SOX Information Technology controls.
Perform detailed reviews of existing controls to identify:
o Control design gaps or inadequacies
o Misalignment between risks and controls
o Ineffective, redundant, or unsustainable controls
Evaluate Design Effectiveness (DE) to ensure controls sufficiently address identified SOX risks.
Assess Operating Effectiveness (OE) to identify:
o Execution inconsistencies
o Control failures
o Tool, automation, or manual dependency gaps
Independent Control Review & Evidence Validation (Watcher Role)
Act as an independent reviewer of control execution, testing approaches, and conclusions performed by control owners or first line teams.
Perform rigorous SOX evidence validation, ensuring:
o Evidence completeness, accuracy, and relevance
o Proper period coverage and traceability
o Alignment to control objectives and audit expectations
Identify OE gaps, testing weaknesses, documentation gaps, and unsupported conclusions and recommend corrective actions.
Ensure evidence quality meets external audit defensibility standards.
Audit Query, Observation & Issue Management
Actively support internal and external audit queries, walkthroughs, and information requests.
Review audit questions and observations for technical accuracy and risk relevance.
Support management in drafting clear, risk based responses to audit observations.
Assess audit observations to determine:
o True control deficiencies vs documentation gaps
o Root causes and systemic issues
Track and monitor audit observations through closure.
Deficiency Assessment & Root Cause Analysis
Identify and assess SOX control deficiencies, including:
o Design deficiencies
o Operating effectiveness deficiencies
o Evidence and documentation deficiencies
Perform detailed root cause analysis covering people, process, system, and governance aspects.
Evaluate deficiency severity and potential impact in coordination with stakeholders and auditors.
Remediation & Preventive Advisory
Provide remediation advisory support to ensure corrective actions are:
o Risk aligned
o Sustainable
o Preventive in nature
Recommend enhancements or necessary adaptations to controls based on:
o Audit feedback
o Repeated deficiencies
o Changes in systems, processes, or compliance expectations
Review remediation evidence and validate effective closure of deficiencies.
Ensure remediation actions meet audit expectations and prevent future recurrence.
SOX Compliance Governance & KPI Management
Ensure SOX compliance KPIs are strictly met, including but not limited to:
o Timely execution of controls
o Quality and completeness of evidence
o On time audit responses
o Closure of audit observations and deficiencies within agreed timelines
Monitor SOX performance metrics and highlight risks or slippages proactively.
Drive continuous improvement in SOX control maturity and audit readiness.
Stakeholder & Control Owner Engagement
Work closely with Control Owners, IT teams, and business stakeholders.
Provide guidance, challenge control execution constructively, and promote accountability.
Improve SOX awareness, execution discipline, and documentation practices across teams.
Act as a trusted advisor to leadership on SOX risk posture and control effectiveness.
Required Skills & Competencies
Extensive expertise in SOX Information Technology controls
Strong mastery of Design Effectiveness and Operating Effectiveness evaluations
Proven experience in detailed control reviews, OE gap analysis, and evidence validation
Strong capability in audit support, observation management, and remediation advisory
Ability to operate independently in a second line / oversight role
Excellent analytical, communication, and stakeholder management skills
Education, Experience & Certifications
Bachelor's degree in Information Systems, Accounting, Finance, Risk Management, or related field
8 12+ years of experience in SOX compliance, IT risk management, internal audit, or controls advisory
Certifications in relevant areas are good to have, such as:
o CISA
o CPA
o CIA
o CRISC
Success Measures
Reduction in repeat SOX deficiencies
High quality, audit ready evidence and documentation
Timely and effective closure of audit observations
Consistent achievement of SOX compliance KPIs
Strengthened control sustainability and stakeholder confidences
The pay range for this role is $70k- $75k per annum including any bonuses or variable pay. Tech Mahindra also offers benefits like medical, vision, dental, life, disability insurance and paid time off (including holidays, parental leave, and sick leave, as required by law). Ask our recruiters for more details on our Benefits package. The exact offer terms will depend on the skill level, educational qualifications, experience, and location of the candidate.
"Tech Mahindra is an Equal Employment Opportunity employer. We promote and support a diverse workforce at all levels of the company. All qualified applicants will receive consideration for employment without regard to race, religion, color, sex, age, national origin, or disability. All applicants will be evaluated solely on the basis of their ability, competence, and performance of the essential functions of their positions with or without reasonable accommodations. Reasonable accommodations also are available in the hiring process for applicants with disabilities. Candidates can request a reasonable accommodation by contacting the company ADA Coordinator at
ADA_Accomodations@TechMahindra.com
."
Tech Mahindra represents the connected world, offering innovative and customer-centric information technology experiences, enabling Enterprises, Associates and the Society to Rise . We are a USD 4.9 billion company with 121,840+ professionals across 90 countries, helping over 935 global customers including Fortune 500 companies. Our convergent, digital, design experiences, innovation platforms and reusable assets connect across a number of technologies to deliver tangible business value and experiences to our stakeholders. Tech Mahindra is the highest ranked Non-U.S. company in the Forbes Global Digital 100 list (2018) and in the Forbes Fab 50 companies in Asia (2018).