Sr. Technology Compliance Analyst – SOX & IT Controls

Hybrid: 3 days per week in NYC

Who we are

DoubleVerify is a leading software platform for digital media measurement, data and analytics. DV’s mission is to be the definitive source of transparency and data-driven insights into the quality and effectiveness of digital advertising for the world’s largest brands, publishers and digital ad platforms. DV’s technology platform provides advertisers with consistent and unbiased data and analytics that can be used to optimize the quality and return on their digital ad investments. Since 2008, DV has helped hundreds of Fortune 500 companies gain the most from their media spend by delivering best in class solutions across the digital advertising ecosystem, helping to build a better industry. Learn more at www.doubleverify.com.

Position Overview

The Sr. Technology Compliance Analyst – SOX & IT Controls is a collaborative and highly-organized individual with a deep experience in SOX IT General Controls (ITGC), audit execution, and control testing. This role will execute ITGC compliance activities across in-scope systems, partner directly with the Technology Compliance Director, Internal Audit, and external auditors, and drive remediation of control deficiencies across various industry compliance frameworks. The ideal candidate has operated within a public-company SOX environment or internal audit and understands how to design, document, test, and evidence IT controls.

Essential Job Duties

• Lead execution of SOX ITGC controls (e.g., Access Management, Change Management, Segregation of Duties) and support related compliance frameworks (SOC 2, ISO 27001, MRC) as needed. This is a hands-on control operator role responsible for executing and evidencing controls, not solely developing policies.
• Coordinate and respond to external auditor requests for evidence and population samples 
• Prepare control narratives and evidence packages 
• Support audit walkthroughs and control testing sessions
• Assist in identifying, documenting, and monitoring any gaps in compliance. 
• Track and remediate audit findings and deficiencies 
• Recommend process enhancements ahead of future audits.
• Facilitate and execute the quarterly User Access Review process using both manual and automated processes. 
• Facilitate and execute the annual review of each vendor's SOC report (the specific type of report––SOC 1 or SOC 2 will be determined based on the company's requirement). 
• Evaluate Complementary User Entity Controls (CUECs)
• Evaluate testing of controls and understand if exceptions impact DoubleVerify

Skills and Experience

• 5+ years of experience in SOX IT compliance within a public company environment
• Direct experience with:
• SOX ITGC testing
• IT control documentation
• Evidence collection and audit response
• Control deficiency remediation
• Experience working with Big 4 auditors
• Strong understanding of:
• Access provisioning and deprovisioning controls
• Change management
• Segregation of duties (SoD)
• Job Monitoring
• Experience reviewing IT controls across systems such as GitLab and cloud environments like GCP.

The successful candidate’s starting salary will be determined based on a number of non-discriminating factors, including qualifications for the role, level, skills, experience, location, and balancing internal equity relative to peers at DV. The estimated salary range for this role based on the qualifications set forth in the job description is between $73,000.00 to $146,000.00. This role will also be eligible for bonus/commission (as applicable), equity, and benefits. The range above is for the expectations as laid out in the job description; however, we are often open to a wide variety of profiles, and recognize that the person we hire may be more or less experienced than this job description as posted.

Not-so-fun fact: Research shows that while men apply to jobs when they meet an average of 60% of job criteria, women and other marginalized groups tend to only apply when they check every box. So if you think you have what it takes but you’re not sure that you check every box, apply anyway!