IT GRC SOX Specialist - Regulatory Frameworks

AVEVA is creating software trusted by over 90% of leading industrial companies. Job Title: IT GRC Sox Specialist - Regulatory Framework Location: London | Cambridge Employment Type: 1 year Fixed Term Contract The Job The IT GRC Sox Specialist will support the IT GRC team in embedding effective IT governance, risk, and compliance across the organisation. The initial primary focus will be on SOX IT General Controls (ITGC) and IT Application Controls (ITAC) design, operating effectiveness, and on scaling an enterprise‑ready IT control framework. The role partners closely with IT, Security, Finance, Internal Audit, and External Audit to ensure controls are well designed, consistently operated, appropriately evidenced, and continuously improved. The position will drive a pragmatic, audit‑ready control environment across core platforms and services (including Oracle and Salesforce) and will support broader regulatory and assurance initiatives where applicable (e.g. EU AI Act). Key responsibilities Governance, Risk and Compliance Lead the implementation and ongoing operation of the IT control framework aligned to SOX and other relevant regulatory and assurance requirements. Own IT scoping for SOX (systems, applications, infrastructure, interfaces, key reports, and outsourced services) in partnership with Finance and Internal Audit. Maintain and manage the inventory of IT risks, controls, control owners, testing frequency, evidence requirements, and framework mappings (SOX, internal policy, enterprise risk register). Ensure timely collection of high‑quality evidence demonstrating effective control operation, meeting audit standards for completeness, integrity, and traceability. Act as a primary point of contact for Internal Audit, External Audit, and other GRC teams; coordinate walkthroughs, testing support, and audit requests. Define and maintain IT GRC scope and boundaries within the Four Lines of Defence model, clarifying ownership across IT, Security, Compliance, Risk, and Audit. Prepare audit submissions, management responses, and materials for senior leadership and risk committees. Operate the IT risk radar, collecting and assessing risks across IT and reporting trends, key risks, and residual risk exposure. Develop, maintain, publish, and deliver training on IT policies, standards, and procedures; define and monitor KPIs and KRIs. Measure compliance with IT policies and coordinate remediation activities, validating closure evidence. Drive continuous improvement initiatives to mature IT GRC capabilities, including automation of control evidence collection where feasible. Track process improvement and remediation action plans, including owners, milestones, and delivery through to completion. SOX / Regulatory Control Areas (Initial Focus) IT General Controls (ITGC): Access management (joiner/mover/leaver), privileged access, change management, and IT operations. IT Application Controls (ITAC): Automated and configuration‑dependent controls supporting financial reporting, including Oracle and Salesforce. Key Reports / IPE: Standards for report completeness and accuracy, access controls, and change management over report logic. Deficiency Management: Lead root cause analysis, remediation and compensating control design, and re‑testing planning. Essential requirements Minimum 5 years’ experience in IT audit, IT risk, IT compliance, SOX IT controls, or a combined GRC/assurance role. Proven hands‑on experience designing, operating, and managing SOX ITGC and, where applicable, ITAC. Strong understanding of how IT risks and control failures impact financial reporting and transaction flows. Demonstrated experience producing reviewer‑ready documentation for audits (risk and control matrices, narratives, process flows, test evidence). Hands‑on experience managing internal and external audit interactions, including end‑to‑end evidence coordination. Ability to document, explain, and coach others on business process, system mapping, and evidencing expectations. Working knowledge of major frameworks and standards such as COSO, COBIT, ISO 27001, and NIST, and the ability to rationalise overlaps. Strong understanding of access governance, segregation of duties, privileged access, change management, and IT operations controls. Highly effective written and verbal communication skills, with the ability to influence stakeholders across IT, Finance, and Audit. Strong Microsoft Office skills, including Outlook, Excel, PowerPoint, Teams, and SharePoint. Desired skills ISACA (or equivalent) certification such as CISA, CISM, or CGEIT. Experience using risk and GRC tooling, particularly Riskonnect; exposure to ServiceNow GRC, Archer, or AuditBoard is advantageous. Experience estimating remediation costs, distinguishing between one‑off project costs and recurring operational expenditure. Familiarity with enterprise systems such as Oracle and Salesforce, including access, configuration, audit logging, reporting, and integrations. Experience supporting broader regulatory initiatives beyond SOX (e.g. operational resilience or emerging digital regulations). People leadership or coaching experience, including mentoring junior colleagues or developing direct reports. IT at AVEVA Our global team of 300+ IT professionals is responsible for the systems and platforms that keep AVEVA running. By empowering our colleagues and ensuring the smooth operation of the company, we help keep the business healthy and productivity high.  We also provide key support for the transformation and modernisation efforts globally. We pride ourselves on a collaborative, inclusive and authentic culture that provides a framework allowing for autonomy, whilst always being available for support and guidance. We respect the differences that each team member brings and seek to include those perspectives in our solutions for our business functions. The energy and sense of purpose is evident when talking to team members, you will feel part of something special from the first day you join. Find out more: https://www.aveva.com/en/about/careers/ UK Benefits include:   Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program. It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive. Find out more: aveva.com/en/about/careers/benefits/ Hybrid working By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote. Hiring process Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process. Find out more: aveva.com/en/about/careers/hiring-process About AVEVA AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably. We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/ Find out more: aveva.com/en/about/careers/ AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check.  Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria. AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.  AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.