Sr SOX Compliance Analyst - ITGC

Requisition Number: 29039 

UGI Corporation (NYSE: UGI) is a holding company that distributes and markets energy products and services through our subsidiaries and the company’s common stock is a balanced growth and income investment. UGI Corporation has paid common dividends for more than 135 consecutive years.

In addition to a challenging career and competitive compensation, our employees enjoy:

Generous and Family-friendly Health & Welfare Benefits Including:

•    Medical, Vision, and Dental Plans 
•    Optional Health Savings Account
•    Optional Dependent Care Savings Account
•    Paid Maternity/Paternity Leave
•    Work from home policy
•    Employee Assistance Program

Additional Benefits Include:

•    401K with a generous company match
•    Tuition Reimbursement
•    Assistance with Professional Credentialing
•    Referral Bonuses
•    Employee Discount Programs

Job Summary-

The Senior Internal Controls Analyst - ITGC plays a critical role in ensuring the organization's adherence to SOX requirements and mitigating IT-related risks to financial reporting. This role supports the design, execution, and testing of IT general controls across all UGI family of companies, ensuring that controls are properly implemented and operating effectively and efficiently. The SOX Compliance Analyst - ITGC will collaborate with IT and business stakeholders to create and update SOX documentation, including IT process narratives, system flowcharts, and IT control matrices, while also assisting with user access reviews and IT vendor SOC reports assessment. They are responsible for executing IT management control activities, identifying opportunities for improvements and automation, and identifying process enhancements to strengthen the IT control environment while gaining efficiency. Additionally, this role provides critical support during internal and external IT audits and contributes to cross-functional projects by offering expertise on IT controls and SOX compliance. With existing knowledge of IT general controls, cybersecurity frameworks, and COBIT, coupled with technical and communication skills, the SOX Compliance Analyst - ITGC will assist in continually improving the company's IT control environment and ensure continuous compliance throughout the fiscal year.

Essential Functions-

• Obtain thorough expertise with IT processes and systems coupled with understanding of applicable IT-related financial misstatement risk. Evaluate the IT controls framework across all UGI companies.  Ensure controls are properly designed and operating efficiently and effectively to mitigate identified technology and financial reporting risks.
• Lead the execution/review of IT general controls, such as user access reviews, privileged access reviews, and others as assigned.  Lead the annual SOC 1 type II report evaluations. Work closely with the IT team to ensure that all IT controls are efficiently and effectively implemented, and necessary evidence is auditable and available. Serve as primary liaison for internal and external IT audit teams.
• Design, create and execute IT control monitoring activities.  Continually improve efficiency and effectiveness of the monitoring activities and documentation. 
• Collaborate with IT departments and system administrators to gather information and facilitate the execution of IT controls. Communicate clearly and effectively with team members, IT control owners, and external auditors to ensure alignment and transparency.
• Proactively consult on the development of appropriate IT general controls or processes with management, internal or external auditors, or consultants during major IT implementations and new business functionality projects. 
• Support the maintenance of ITGC SOX documentation, including IT process narratives and system flowcharts. Coordinate with IT SMEs to review the risk and control. Assist with the overall evaluation of the risks within IT processes and make suggestions for mitigating risks more effectively and/or more efficiently.

Skills-

• Collaboration: Strong collaboration skills to work closely with IT departments and team members on SOX compliance activities.
• Problem-Solving/Critical Thinking: Advanced problem-solving skills to assist in resolving IT control deficiencies. Assist in developing and implementing mitigation plans, as well as ensuring timely execution of IT remediation plans.
• Organization: Excellent organizational skills to manage multiple IT control testing tasks and ensure thorough documentation of testing results, enable daily status tracking.
• Communication:  Strong communication skills (written/verbal) for documenting IT control findings, drafting technical reports, and presenting results to team members and management. Technical skills in creating presentations to pitch, train and/or summarize results pertaining to IT SOX compliance.
• Training: Assist in training peers and junior team members by documenting procedures related to executing specific ITGC management review controls.
• Technical Skills Advanced skills in database querying (SQL), PowerShell, IT security concepts, and system administration principles. Expertise in enterprise systems like Active Directory, ERP systems, change management tools, and IT service management platforms is a plus.

Competencies-

• Attention to Detail: Can follow complex methodologies to execute procedures completely and accurately.  Adheres to corporate IPE policy with exceptional accuracy and completeness. 
• IT Control Framework Expertise: Solid knowledge of COBIT Framework, ISO 27001, or NIST and how they apply to daily SOX compliance activities.
• Accountability: Takes ownership of tracking their work and providing regular, clear updates to management on project status, risks, and any issues.
• Time Management: Effectively manage time to balance multiple IT control execution priorities and meet agreed upon deadlines within the SOX compliance function.

Education and Experience-

• Bachelor's degree in information systems, computer science, cybersecurity, or related field.
• Professional certification in IT audit or security (CISA, CISSP, or equivalent).
• Minimum of 5 years of experience in IT controls, IT audit, or IT compliance with a focus on SOX ITGC testing required.
• Of the 5 years’ total experience, a minimum of 3 years' experience in an external IT audit or IT consulting environment with a focus on SOX compliance is preferred.

#LI-Hybrid

All offers of employment are contingent upon the successful completion of a background check and drug screen, subject to applicable laws and regulations.

UGI Corporation is an Equal Opportunity Employer.  The Company does not discriminate on the basis of race, color, sex, national origin, disability, age, gender identity, sexual orientation, veteran status, or any other legally protected class in its practices.