What you'll be doing
Lead the evaluation and ongoing monitoring of ITGCs to ensure adequate design, operating effectiveness, efficiency, and compliance with SOX requirements and regulatory expectations.
Assess cybersecurity controls that intersect with ITGC domains, including identity and access management, privileged access, logging/monitoring, vulnerability management, and incident response.
Drive evaluation of broader cybersecurity programs (e.g., NIST, ISO 27001) as dictated by our audit plan and underlying business objectives.
Provide thought leadership and partnered advisory in the planning, scoping, and execution of IT SOX testing activities, including risk assessments and control rationalization.
Evaluate System Development Life Cycle (SDLC) controls to ensure secure system implementation practices, including secure coding, change management, and vulnerability remediation.
Partner with cybersecurity teams to assess risks related to cloud environments, infrastructure, and applications, ensuring appropriate controls are designed and operating effectively.
Act as a liaison to external auditors for ITGC and cybersecurity-related audits, ensuring alignment and timely communication of findings.
Lead root cause analysis and provide recommendations for control deficiencies, including those related to cybersecurity incidents and/or control gaps.
Provide independent and objective advisory to IT and business stakeholders on control design, risk mitigation, and cybersecurity best practices.
Develop, review, and maintain IT control documentation, including process flows, narratives, and control matrices, ensuring alignment with both SOX and cybersecurity requirements.
Oversee and enhance the quarterly SOX certification process, incorporating cybersecurity risk considerations where applicable.
Monitor emerging cybersecurity threats, regulatory changes, and industry trends, and assess their impact on the organization’s control environment.
Enable continuous improvement initiatives across IT Audit and cybersecurity programs, including automation and deployment of new technologies.
Support executive leadership with special project advisory that inform strategic initiatives, risk assessments, and special transformational projects as needed.
Build and leverage AI solutions and workflows to enable capacity or unlock capability for an Internal Audit function.
What you'll likely bring
8+ years of progressive experience in IT audit, IT compliance, SOX, and/or cybersecurity risk management (public accounting and/or industry). Big 4 is a plus.
Specialized experience in the Software industry.
Bachelor’s degree in Information Systems, Cybersecurity, Accounting, Finance, or related field.
Relevant certifications such as CISA, CISSP, CISM, CRISC, CIA, or CPA (or equivalent).
What can set you apart
Deep experience auditing or supporting systems such as Kinetic, SalesForce, Workday, Microsoft Azure (Entra ID), Active Directory, and different types of cloud environments (IaaS, PaaS, and SaaS).
Strong knowledge of ITGC domains (Access Management, Change Management, Interfaces, Backups, Disaster Recovery), SDLC, and their intersection with cybersecurity controls.
Deep experience performing cybersecurity audits.
Strong understanding of SOX requirements (e.g. 302, 404), principles-based internal control-integrated framework (COSO), IT Frameworks (e.g., COBIT) and cybersecurity control frameworks (e.g., NIST CSF, ISO 27001, CIS Critical Security Controls).
Understanding of data protection, privacy regulations, and secure architecture principles.
Experience leveraging automation and tools such as Workiva Wdesk, GRC platforms, and AI tools (ChatGPT, Copilot, Claude, etc.).
Strong analytical, problem-solving, and risk assessment skills.
Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organization.
Ability to manage multiple priorities, execute complex tasks, and operate both strategically and tactically.
#LI-CM1
#HYBRID
About Epicor
At Epicor, we’re truly a team. Join 5,000 talented professionals in creating a world of better business through data, AI, and cognitive ERP. We help businesses stay future-ready by connecting people, processes, and technology. From software engineers who command the latest AI technology to business development reps who help us seize new opportunities, the work we do matters. Together, Epicor employees are creating a more resilient global supply chain.
We’re Proactive, Proud, Partners.
Whatever your career journey, we’ll help you find the right path. Through our training courses, mentorship, and continuous support, you’ll get everything you need to thrive. At Epicor, your success is our success. And that success really matters, because we’re the essential partners for the world’s most essential businesses—the hardworking companies who make, move, and sell the things the world needs.
Competitive Pay & Benefits
Health and Wellness: Comprehensive health and wellness benefits designed to support your overall well-being.
Internal Mobility: Opportunities for mentorship, continuing education, and focused career goal setting, with 25% of positions filled internally.
Career Development: Free LinkedIn Learning licenses for everyone, along with our Mentoring Program to boost your personal development.
Education Support: Geographically specific programs to balance the cost of education with the benefits of continued learning and personal development.
Inclusive Workplace: Collaborate with a diverse team in an inclusive, global workplace that fosters innovation and celebrates partnership.
Work-Life Balance: Policies built on mutual trust and support, encouraging time off to rest, recharge, and reconnect.
Global Mobility: Comprehensive support for international relocations and permanent residency processes.
Equal Opportunities and Accommodations Statement
Epicor is committed to creating a workplace and global community where inclusion is valued; where you bring the whole and real you—that’s who we’re interested in. If you have interest in this or any role- but your experience doesn’t match every qualification of the job description, that’s okay- consider applying regardless.
We are an equal-opportunity employer.
Recruiter:
Christi McCallSkills Required
- 8+ years of experience in IT audit, IT compliance, SOX, and/or cybersecurity risk management
- Bachelor's degree in Information Systems, Cybersecurity, Accounting, Finance, or related field
- Relevant certifications such as CISA, CISSP, CISM, CRISC, CIA, or CPA
Epicor Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Epicor and has not been reviewed or approved by Epicor.
-
Healthcare Strength — Health coverage (medical, dental, vision) is characterized as decent to solid, complemented by wellness resources. Company materials highlight health and wellness programming alongside core plans.
-
Leave & Time Off Breadth — Flexible or unlimited PTO exists in U.S. roles, and the organization emphasizes taking time to recharge. When team norms support it, the flexibility is considered a meaningful perk.
-
Retirement Support — A 401(k) with company match is available as part of the standard offering. The match level is generally viewed as modest but serviceable.
Epicor Insights
What We Do
We’re the Digital Brains of Our Customers’ Operations We help businesses stay future-ready with cognitive ERP that connects people, processes, and technology. From software engineers who command the latest AI technology to business development reps who help us seize new opportunities, the work we do matters. Together, Epicor employees are creating a more resilient global supply chain.
Why Work With Us
Our policies are built on mutual trust, support, and a commitment to maintaining a healthy work-life balance. That's why we encourage you to take the time off you need to rest, recharge, and reconnect.
Gallery
