Sr. Technology Compliance Analyst – SOX & IT Controls

Hybrid: 3 days per week in NYC

Who we are

DoubleVerify is a leading software platform for digital media measurement, data and analytics. DV’s mission is to be the definitive source of transparency and data-driven insights into the quality and effectiveness of digital advertising for the world’s largest brands, publishers and digital ad platforms. DV’s technology platform provides advertisers with consistent and unbiased data and analytics that can be used to optimize the quality and return on their digital ad investments. Since 2008, DV has helped hundreds of Fortune 500 companies gain the most from their media spend by delivering best in class solutions across the digital advertising ecosystem, helping to build a better industry. Learn more at www.doubleverify.com.

Position Overview

The Sr. Technology Compliance Analyst – SOX & IT Controls is a collaborative and highly-organized individual with a deep experience in SOX IT General Controls (ITGC), audit execution, and control testing. This role will execute ITGC compliance activities across in-scope systems, partner directly with the Technology Compliance Director, Internal Audit, and external auditors, and drive remediation of control deficiencies across various industry compliance frameworks. The ideal candidate has operated within a public-company SOX environment or internal audit and understands how to design, document, test, and evidence IT controls.

Essential Job Duties

• Lead execution of SOX ITGC controls (e.g., Access Management, Change Management, Segregation of Duties) and support related compliance frameworks (SOC 2, ISO 27001, MRC) as needed. This is a hands-on control operator role responsible for executing and evidencing controls, not solely developing policies.
• Coordinate and respond to external auditor requests for evidence and population samples 
• Prepare control narratives and evidence packages 
• Support audit walkthroughs and control testing sessions
• Assist in identifying, documenting, and monitoring any gaps in compliance. 
• Track and remediate audit findings and deficiencies 
• Recommend process enhancements ahead of future audits.
• Facilitate and execute the quarterly User Access Review process using both manual and automated processes. 
• Facilitate and execute the annual review of each vendor's SOC report (the specific type of report––SOC 1 or SOC 2 will be determined based on the company's requirement). 
• Evaluate Complementary User Entity Controls (CUECs)
• Evaluate testing of cont