Job Description
Who is CoStar Group?
CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the world’s real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives.
We have been living and breathing the world of real estate information and online marketplaces for over 35 years, giving us the perspective to create truly unique and valuable offeringstoour customers.We’ve continually refined, transformed, and perfected our approach to our business, creating a language that has become standard in our industry, for our customers, and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate.
Role Overview:SOX & Internal Controls Compliance IT Manager
Arlington, VA | In office, Monday-Friday
Responsibilities
SupportSarbanes-Oxley (“SOX”) compliance, internalcontrols, and enterprise risk management (“ERM”)assessments.
Assist with implementingtheSOX compliance programs, including, but not limited to the following activities:
Conducting risk assessments and system scoping
Conducting walkthroughs and documenting end-to-end technology processes, identifying risks and key controls, using narratives
Documenting and assessing the design and effectiveness of key IT general controls (“ITGC”) and IT application controls (“ITAC”)
Executing testing to validate the operating effectiveness of controls
Evaluating controls deficiencies to determine impact and significance
Identifying and implementing effective and efficient plans to remediate control deficiencies
Summarizing and documenting results of work performed including management reporting
Execute internalcontrolsand IT risk management activities to support our risk management initiatives.
Ensure robust IT General Controls over:
Logical access management
Role-based security and segregation of duties
Change management
System interfaces and data integrity
Configuration controls
Oversee periodic user access reviews and segregation of duties analyses.
Coordinate with IT and Information Security to align financial systems governance with enterprise cybersecurity standards.
Assesstechnology risks and internal control solutions associated with ERP, SaaS, IT infrastructure and cloud platforms.
Create and deliver presentations on technical concepts, project work plans, delivery approach, milestones, and results tokeystakeholders.
Deliver efficient and effective approaches to implement and assess risks relating to information security and change management.
Implementdata analytics to enhance approaches to internal control assessments.
Workeffectively acrossdifferent groups within thecompany(technology, accounting, finance, operations.
BasicQualifications
Bachelor's degree requiredin Information Systems, Accounting, Finance, or related field from an accredited, not-for-profit, in-person college/university.
A track record of commitment to prior employers.
7-8+ years of professional services experience with applicable IT risk management and internal controls experience.
One or more of the following risk related certifications is preferred: CPA, CIA, CISA, or CISSP.
Track record of technical expertise with SOX, IT risk management and internalcontrols assessments.
Deep knowledge ofSOX compliance and PCAOB requirements:
SOX 404 and COSO framework
IT General Controls (ITGCs)
Segregation of duties architecture
ERP and financial systems governance
Experience implementing and assessing controls over highly automated business processes.
Knowledge of emerging technology risks, including cloud computing, agiledevelopment, cybersecurity, and privacy.
Knowledge of best practices for authentication, authorization and change management.
Ability to manage and prioritize assignments while meeting deadlines and maintaining attention to detail.
Excellent analytical, problem-solving, and critical thinking skills to assess complex IT risks and identify appropriate control enhancements.
Exceptional verbal and written communication skills, with the ability to effectively communicate technical concepts to non-technical stakeholders.
Experience in a publicly traded company ($1B+ revenue)or Big 4 experiencerequired.
PreferredQualifications
7-8+years of experience in IT auditing, or IT compliance or IT risk management, preferably within a large organization or a public accounting firm.
Knowledge and application of IT controls and governance frameworks such as SOC 1/2, COBIT, NIST (CSF, 800-53, and 800-171), ITIL,ISO 27001/2, and best practices.<