Sr. Lead Analyst - SOX IT Governance

Location:

Job Title (Job Profile Name)

Sr. Lead Analyst - SOX IT Governance

Location

Cleveland, OH (Hybrid - 3 days in office per week)

Reports To

Senior Manager, SarbanesOxley Program Governance

Job Profile Summary

The Sr. Lead Analyst - SOX IT Governance serves as a key subject matter expert within the Financial Risk Governance team, supporting the execution, monitoring, and continuous improvement of the Bank's SarbanesOxley (SOX) IT controls program. This role contributes advanced analytical and technical expertise to SOX IT governance activities, leads and performs complex Test of Design evaluations for IT General Controls (ITGCs) and application controls, and helps enhance the quality and consistency of SOX IT processes. The Sr. Lead Analyst collaborates with IT, business, risk, and audit stakeholders to ensure adherence to ICFR, COSO, PCAOB, and applicable IT control frameworks, while supporting leadership in strengthening the Bank's IT control environment and governance practices.

Compensation Grade

111e

Job Description

1. SOX IT Program Governance Support

Support execution of SOX IT governance processes, including program documentation, governance materials, and program reporting for IT General Controls and application controls. Assist in coordinating crossfunctional discussions with IT and business stakeholders, compiling program updates, and preparing materials for senior leaders and governance committees. Contribute subject matter insights to strengthen SOX IT methodology, documentation standards, and oversight routines.

2. Test of Design (TOD) Execution & Expertise

Lead and perform complex Test of Design evaluations for SOX IT controls across infrastructure, applications, and key supporting systems. Review IT control narratives, walkthroughs, and documentation to ensure accuracy, clarity, and alignment with SOX IT program standards. Provide guidance to IT control owners and testers on improving control design, documentation practices, and technology risk mitigation approaches.

3. Risk Assessment & Scoping Support

Perform detailed analysis to support the annual and periodic SOX IT risk assessment and scoping process. Evaluate significant IT systems, applications, interfaces, and supporting processes using quantitative and qualitative criteria. Identify emerging technology risks and recommend updates to SOX IT scope based on changes in platforms, data flows, system implementations, or regulatory expectations.

4. Testing & Issue Management Coordination

Monitor SOX IT control testing progress and review testing results for completeness and consistency with program methodology. Partner with IT testing teams, internal stakeholders, and control owners to support accurate evaluation of IT control deficiencies. Support the remediation lifecycle by validating corrective actions and ensuring alignment with SOX, ICFR, and IT control framework expectations.

5. Reporting, Metrics & Analytics

Prepare dashboards, metrics, and SOX IT program status reports using GRC tools and data analytics. Summarize trends, recurring issues, and insights related to IT controls to support leadership decisionmaking. Assist in preparing materials for governance committees, external auditors, and internal stakeholders.

6. Continuous Improvement & Automation

Identify opportunities to streamline SOX IT processes, enhance documentation quality, and support automation or analytics initiatives related to IT controls. Contribute to tool enhancements, process redesign activities, and pilot initiatives focused on improving SOX IT program efficiency and effectiveness.

7. Training & Communication Support

Assist in developing SOX IT training content for IT control owners, testers, and other stakeholders. Support delivery of training and awareness activities to promote understanding of SOX IT requirements, program updates, and control documentation expectations. Develop clear communications that enable consistent execution of SOX IT controls across technology and business areas.

Required Qualifications

• Bachelor's degree in Information Systems, Accounting, Finance, or related discipline.
• Minimum 5 years of experience in SOX, IT audit, IT risk management, internal controls, or a related risk/control discipline.
• Strong knowledge of SOX, ICFR, COSO, PCAOB, and IT control frameworks (e.g., COBIT, NIST).
• Demonstrated experience performing or reviewing IT control design assessments, including ITGCs and application controls.
• Strong analytical, communication, and collaboration skills.
• Experience with GRC tools, automation, or data analytics preferred.
• CISA, CPA, or CIA preferred.

Competencies / Skills

Accountability & Ownership

Takes responsibility for highquality execution of ITfocused assignments, delivering accurate and timely work while proactively identifying control gaps and recommending solutions.

Governance Support & Influence

Demonstrates strong understanding of SOX IT governance and effectively influences crossfunctional partners to drive consistency, quality, and alignment across technology processes.

IT Control Design Expertise

Exhibits deep understanding of IT control design principles, technology risk mitigation, and documentation standards, providing credible guidance to IT stakeholders.

Analytical Rigor

Applies advanced analytical skills to evaluate IT environments, systems, and controls, identify gaps, and recommend actionable improvements.

Communication & Collaboration

Communicates complex IT risks and control concepts clearly to technical and nontechnical audiences. Builds strong working relationships across IT, business, risk, and audit teams.

Continuous Improvement Mindset

Champions process optimization, innovation, and the use of automation or analytics to enhance SOX IT program efficiency.

Integrity & Ethics

Demonstrates the highest standards of ethical conduct, sound judgment, and professionalism.

Accuracy, Timeliness & Planning

Strong organizational skills with the ability to manage multiple priorities, maintain attention to detail, and consistently meet deadlines and quality standards.

COMPENSATION AND BENEFITS

Please click here for a list of benefits for which this position is eligible.

Key has implemented an approach to employee workspaces which prioritizes in-office presence, while providing flexible options in circumstances where roles can be performed effectively in a mobile environment.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.