Responsibilities

1. Ensuring that IT processes comply with corporate policies, best practices, and IT frameworks (Incident, Problem, Change, Request, Service Catalog, CMDB):
– developing and maintening the ITGC framework;
– designing and implementing methodologies for IT risk management;
– developing documented IT policies, processes, procedures, and standards;
– maintaining the inventory of SOX in-scope IT systems and infrastructure supporting financial reporting controls
2. Performing regular and ad-hoc IT internal control audits, including:
– evaluating the design of IT controls (Test of Design);
– testing the operating effectiveness of IT controls (Test of Operating Effectiveness);
– reviewing SOC 1 Type 2 reports, defining CUECs, and assessing vendor compliance;
– identifying control gaps and recommending remediation actions;
– performing internal testing of key ITGC controls (Access Management, Change Management, Compute Operations)
3. Assessing the current state of IT controls and developing remediation plans
4. Supporting external IT audits: preparing teams, responding to auditor requests, collecting evidence and samples to validate control effectiveness
5. Monitoring and analyzing ITSM metrics (SLA/SLI/SLO, incident trends, problem backlog, change success rate, CMDB data quality)
6. Preparing weekly and monthly automated reports on ITSM compliance and process maturity
7. Participating in CAB/ECAB: reviewing changes, assessing risk, test plans, and rollback strategies.
8. Driving improvements based on audit results: standards, control checkpoints, automation of control testing
9. Improving compliance culture: conducting workshops, training, and consultations
10. Collaborating with Engineering, SRE, Security, Compliance, Legal, Finance, and other stakeholders
11. Developing and implementing DRP as part of corporate Business Continuity Plans (BCP).

Qualifications

• 5+ years of experience in ITSM, Service Management, IT Governance, or IT Audit
• Strong knowledge of ITIL v3/v4 and hands-on experience with Incident, Problem, Change, Request, CMDB
• Experience preparing for or supporting ISO 20000, ISO 27001, SOC 2, or SOX-ITGC audits
• Technical understanding sufficient to validate engineering solutions against ITGC and compliance requirements
• Experience with ITSM platforms and GRC tools (Jira Service Management, Jira, Vanta)
• Strong analytical and reporting skills with PowerBI, Grafana, or Tableau
• Ability to formalize processes and write standards, procedures, and methodologies
• Nice to have: ITIL v4 MP, ISO 20000, COBIT-2019, experience automating compliance checks, IT control testing skills, cloud experience (AWS/GCP/Azure), understanding of DevOps/SRE practices, CISA/CISM certifications.

Conditions & Benefits

• Stable salary, official employment.
• Health insurance.
• Hybrid work mode and flexible schedule.
• Relocation package offered for candidates from other regions.
• Access to professional counseling services including psychological, financial, and legal support.
• Discount club membership.
• Diverse internal training programs.
• Partially or fully paid additional training courses.
• All necessary work equipment.