SOX & Internal Controls Compliance IT Manager, CoStar Group - Arlington, VA

Who is CoStar Group? 

CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the world’s real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives. 

We have been living and breathing the world of real estate information and online marketplaces for over 35 years, giving us the perspective to create truly unique and valuable offerings to our customers. We’ve continually refined, transformed, and perfected our approach to our business, creating a language that has become standard in our industry, for our customers, and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate. 

Role Overview: SOX & Internal Controls Compliance IT Manager 
Arlington, VA | In office, Monday-Friday 

Responsibilities 

• Support Sarbanes-Oxley (“SOX”) compliance, internal controls, and enterprise risk management (“ERM”) assessments.  

• Assist with implementing the SOX compliance programs, including, but not limited to the following activities: 

• Conducting risk assessments and system scoping 

• Conducting walkthroughs and documenting end-to-end technology processes, identifying risks and key controls, using narratives  

• Documenting and assessing the design and effectiveness of key IT general controls (“ITGC”) and IT application controls (“ITAC”)  

• Executing testing to validate the operating effectiveness of controls  

• Evaluating controls deficiencies to determine impact and significance  

• Identifying and implementing effective and efficient plans to remediate control deficiencies  

• Summarizing and documenting results of work performed including management reporting  

• Execute internal controls and IT risk management activities to support our risk management initiatives.  

• Ensure robust IT General Controls over: 

• Logical access management 

• Role-based security and segregation of duties 

• Change management 

• System interfaces and data integrity 

• Configuration controls 

• Oversee periodic user access reviews and segregation of duties analyses. 

• Coordinate with IT and Information Security to align financial systems governance with enterprise cybersecurity standards.  

• Assess technology risks and internal control solutions associated with ERP, SaaS, IT infrastructure and cloud platforms. 

• Create and deliver presentations on technical concepts, project work plans, delivery approach, milestones, and results to key stakeholders.  

• Deliver efficient and effective approaches to implement and assess risks relating to information security and change management. 

• Implement data analytics to enhance approaches to internal control assessments. 

• Work effectively across different groups within the company (technology, accounting, finance, operations. 

Basic Qualifications 

• Bachelor's degree required in Information Systems, Accounting, Finance, or related field from an accredited, not-for-profit, in-person college/university.    

• A track record of commitment to prior employers. 

• 7-8+ years of professional services experience with applicable IT risk management and internal controls experience. 

• One or more of the following risk related certifications is preferred: CPA, CIA, CISA, or CISSP. 

• Track record of technical expertise with SOX, IT risk management and internal controls assessments.  

• Deep knowledge of SOX compliance and PCAOB requirements: 

• SOX 404 and COSO framework 

• IT General Controls (ITGCs) 

• Segregation of duties architecture 

• ERP and financial systems governance 

• Experience implementing and assessing controls over highly automated business processes. 

• Knowledge of emerging technology risks, including cloud computing, agile development, cybersecurity, and privacy. 

• Knowledge of best practices for authentication, authorization and change management.  

• Ability to manage and prioritize assignments while meeting deadlines and maintaining attention to detail.  

• Excellent analytical, problem-solving, and critical thinking skills to assess complex IT risks and identify appropriate control enhancements.  

• Exceptional verbal and written communication skills, with the ability to effectively communicate technical concepts to non-technical stakeholders.  

• Experience in a publicly traded company ($1B+ revenue) or Big 4 experience required. 

Preferred Qualifications 

• 7-8+ years of experience in IT auditing, or IT compliance or IT risk management, preferably within a large organization or a public accounting firm.  

• Knowledge and application of IT controls and governance frameworks such as SOC 1/2, COBIT, NIST (CSF, 800-53, and 800-171), ITIL, ISO 27001/2, and best practices.  

• Experience on ERP applications such as Oracle Cloud. 

• Proven experience in executing technology audits, including evaluating IT general controls, application controls, and data integrity.  

• Global, multi-entity experience preferred. 

What's in it for you? 

If you are a driven professional looking for a high-growth, high-reward career, CoStar Group offers the ideal opportunity. Be part of a best-in-class company with strong year-over-year growth that invests in your success. Enjoy a rewarding atmosphere where you can learn, excel, and grow.    

When you join CoStar Group, you’ll experience a collaborative and innovative culture working alongside the best and brightest to empower our people and customers to succeed.     

We offer you generous compensation and performance-based incentives. CoStar Group also invests in your professional and academic growth with internal training and tuition reimbursement.     

Our benefits package includes (but is not limited to):     

• Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug    

• Life, legal, and supplementary insurance    

• Virtual and in person mental health counseling services for individuals and family    

• Commuter and parking benefits    

• 401(K) retirement plan with matching contributions    

• Employee stock purchase plan    

• Paid time off    

• Tuition reimbursement    

• On-site fitness center and/or reimbursed fitness center membership costs (location dependent)    

• Access to CoStar Group’s Diversity, Equity, & Inclusion Employee Resource Groups    

• Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks    

Sponsorship    

We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar Group is not able to provide visa sponsorship for this position.