Medifast, Inc.

IT General Controls Analyst

Job Location US-MD-Baltimore
Job ID
Job Category
Information Technology
Regular Full-Time


  • Proactively assess existing and emerging IT risks to identify gaps and facilitate remediation
  • Provide recommendations to mitigate risk or control deficiency gaps
  • Provide quality assurance of all IT General Controls through assessments, walkthroughs, and audits to ensure operational effectiveness of those security controls
  • Examine security controls to test their design (TOD) and operational effectiveness (TOE)
  • Perform IT control testing and document test results
  • Conduct internal audits and SOX testing to ensure compliance with policies and procedures, and the design and operating effectiveness of internal controls
  • Review audit assessments conducted by both internal and external audit
  • Use a risk-based approach to highlight key compliance risks to management
  • Plan and conduct third-party vendor assessments
  • Review and evaluate third-party SOC 1 Type 2 reports to identify control risks
  • Conduct quarterly user access reviews
  • Recommend and assist in the analysis, design and implementation of control design solutions for new and existing systems, including logical access, change management, computer operations, system development life cycle (SDLC), and general IT security
  • Evaluate IT application controls including interface configuration and monitoring
  • Evaluate management of IT risks and assess control infrastructure
  • Assist in SOX scoping and control rationalization efforts to ensure key compliance risks are addressed and maintain risk and control matrices
  • Participate in system implementation projects and business integration projects as an IT control subject matter expert and provide guidance to ensure proper IT controls are implemented, including design of new controls to mitigate risks to financial reporting
  • Follow up on outstanding IT audit issues to drive the implementation of corrective actions
  • Perform pre/post-implementation reviews of SOX-relevant systems/applications
  • Implement Systems Development Life Cycle (SDLC) standards
  • Collaborate with control and process owners on ongoing design of ITGC, identifying control gaps and proposing control remediation actions
  • Work with departmental management to develop and update IT internal control documentation (e.g., process maps, risk control matrices, process narratives, etc.), including any new key internal controls or processes
  • Identify continuous process improvement opportunities and work with relevant process and control owners to implement them
  • Engage with IT process owners to develop, recommend and monitor effective remediation plans for identified ITGC control issues
  • Assist with evaluation of the severity of identified ITGC control deficiencies and communicate the evaluation to management and internal audit
  • Partner with external and internal auditors during walkthroughs, addressing control matters during the testing process for ITGCs
  • Conduct regular follow-up on open and past-due internal audit and SOX observations
  • Participate in the planning, execution, documentation, and communication of all ITGC and IT application control testing related to SOX compliance


Required Experience

  • Bachelor's degree in Accounting, Finance, Computer Science, Management Information Systems, Accounting Information Systems or related field of study
  • 3-5 years of experience designing and testing Sarbanes-Oxley (SOX) IT General Controls (ITGC), including segregation of duties assessment, identification and analysis of risks, and evaluation of control effectiveness
  • Experience in the risk and compliance domain
  • Hands-on experience testing SOX compliance
  • Experience managing IT general controls remediation projects
  • Experience with SOX, SSAE and other comparable regulatory requirements
  • Working knowledge of information security management frameworks, such as International Organization for Standardization (ISO) 2700x, COBIT and National Institute of Standards and Technology (NIST) frameworks
  • Knowledgeable in Identity and Access Management
  • Experience with project management best practices
  • Strong critical thinking and analytical skills
  • Ability to work independently
  • Thorough, diligent and detail-oriented
  • Effective business communication and writing skills
  • Ability to influence change and deal with ambiguous or challenging situations

Preferred Experience

  • Experience with a Big 4 firm
  • Experience with the Oracle Fusion enterprise resource planning (ERP) system
  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC) certification
  • ITIL certification


