Job Information

Home Depot Senior Analyst, Internal Controls - IT SOX in Atlanta, Georgia

Position Purpose:

The Internal Controls IT SOX team is a part of the Finance organization focusing on centralizing compliance programs across business and IT. Our IT SOX team oversees processes to ensure an effective internal control environment. The team works closely with Internal and External Audit, IT and Business partners across the organization.

The Senior Analyst of IT SOX Governance and Monitoring is responsible for partnering with control owners to ensure IT general controls are well documented, understood, and implemented effectively across the Company. The role works collaboratively with individuals and teams across the organization to maintain effective controls and support the Company's strategic objectives and enterprise initiatives.

Major Tasks, Responsibilities and Key Accountabilities:

  • Performing analysis for enterprise-wide SOX scoping activities to identify potential changes and confirm in-scope IT applications/tools, IT infrastructure and IT general controls for the current fiscal year

  • Maintaining inventory of IT applications/systems, infrastructure, and risks and controls

  • Assist control owners with creating and updating documentation for IT general control domains and associated controls (e.g., narratives, risk and control matrix wording)

  • Partnering with IT teams to continuously assess the design of controls

  • Contribute to detailed status reports for report to stakeholders and Senior Leadership

  • Analyze and update SOC report evaluations, partnering with the relevant stakeholders

  • Help create training related to controls, policies, and requirements to evolve capabilities, governance awareness and efficiencies

  • Enterprise Initiative Support:

  • Assess new IT systems or changes to existing applications to determine controls impact & risks to environment (such as migration to new systems, tool, etc.)

  • Assist with integrating new applications into the IT Controls environment (meet with new contacts, assess impacts, explain controls, write meeting minutes, follow up for implementation, etc.)

  • Assist with coordination and tracking of SOX IT control activities (e.g., Internal and External Audit deficiencies, meetings, etc.)

  • Analyzing and compiling data for monitoring, dashboarding and reporting on the remediation of IT control deficiencies

  • Assist with the remediation of IT control deficiencies by investigating the root cause, partnering with control owners on documenting action plans, and closely following up until remediation

  • Analyze and update SOC report evaluations by partnering with the relevant stakeholders to confirm auditor opinion, test results, adequacy and relevance of report scope, and other control considerations

  • Help create training related to controls, policies, and requirements to evolve capabilities, governance awareness and efficiencies

  • Enterprise Initiative Support - support IT teams with strategic initiatives; continuously assess internal processes for process improvement opportunities, including technology enablement.

  • Contribute to the IT general control deficiency evaluation process

  • Participate in the implementation and roll-out of GRC software to support efficient and effective SOX program management and execution

  • Develop value-adding relationships with process owners and make recommendations for process improvement

Nature and Scope

  • Typically reports to Manager, Internal Controls

  • Accountable for direct supervision of the work activities of others. Planning, monitoring and reviewing work of subordinates is required. This may include direct supervision or the coordination of multiple work groups. Makes recommendations concerning selection, termination, performance appraisal and professional development


  • Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.


  • Typically requires overnight travel less than 10% of the time.

Minimum Qualifications:

  • Must be eighteen years of age or older.

  • Must be legally permitted to work in the United States.

Education Required:

The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.

Years of Relevant Work Experience: 2-4 years

Physical Job Requirements:

Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.

Preferred Qualifications

  • Master's degree in Accounting, Information Systems, or related field is preferred

  • Strong IT, business process, risks, and controls knowledge

  • CISA, CISSP, CIA, or other related certification preferred

  • Proven ability to lead and develop high functioning teams

  • Strong strategic thinking and problem-solving ability

  • Ability to partner with IT stakeholders across the organization to achieve consensus

  • Ability to influence at all levels of the organization through strong verbal and written communication skills

  • Comfort negotiating in competitive or adversarial environments

Knowledge, Skills, Abilities and Competencies

  • Thorough working knowledge of IT general controls, COBIT, Auditing Standards, and generally accepted accounting practices

  • Be able to understand, assess and prioritize risks across the components of the IT environment (e.g., application, operating system, and database)

  • In-depth experience and knowledge of key IT and information security topics such as cyber security, applications, infrastructure, systems implementations, cloud computing, IT general controls, SOC reports, and back-office operations

  • General knowledge of the technologies used in complex IT environments

  • Understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards

  • Adept at assessing complex IT and business processes environments to identify potential IT, financial, operational, and compliance risks

  • Familiarity with risk management methodologies, frameworks and principles

  • Ability to appropriately articulate requirements to technical and business stakeholders

  • Experience with GRC Technology

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.