Compliance Officer - Quezon City

About us: is a leading ISO certified Philippines offshore outsourcing company that provides dedicated remote staff to some of the world's leading international companies. · Outsourced is recognized as one of the Best Places to Work and has achieved Great Place to Work Certificati ...

Paglalarawan ng trabaho

About us:

is a leading ISO certified Philippines offshore outsourcing company that provides dedicated remote staff to some of the world's leading international companies.

Outsourced is recognized as one of the Best Places to Work and has achieved Great Place to Work Certification. We are committed to providing a positive and supportive work environment where all staff can thrive. As an Outsourced staff member, you will enjoy a fun and friendly working environment, competitive salaries, opportunities for growth and development, work-life balance, and the chance to share your passion with a team of over 1000 talented professionals


About the role:
The primary focus of this role will be to conduct quarterly testing activities for SOX IT controls.

The successful candidate will be responsible for utilizing database and Active Directory (AD) auditing tools to perform thorough access reviews across various applications, operating systems, and databases.

They will monitor established controls, identify and report any discrepancies, and ensure that our operations are compliant with SOX requirements.

Strong understanding of IT systems, particularly AD and SQL, and able to communicate effectively with various departments to enforce compliance policies and procedures.

Day-to-day duties will include the review and analysis of our current controls, making recommendations for improvement, and leading the remediation of any issues identified during testing.

About You:

The ideal candidate for this position will be someone with a sharp eye for detail and a passion for maintaining organizational integrity.

You are expected to have a proactive attitude and the ability to work both independently and collaboratively.

Strong analytical skills and the capacity to manage multiple tasks efficiently will be pivotal to your success in this role.

Key Responsibilities:
Perform quarterly SOX IT control testing to ensure ongoing compliance with regulatory requirements.
Use specialized audit and monitoring tools to assess controls across databases and Active Directory environments.
Conduct periodic access reviews covering applications, operating systems, and databases to validate appropriate access and segregation of duties.
Identify, investigate, and document control gaps, discrepancies, and process issues, and track remediation actions to closure.
Collaborate with IT, Security, and business stakeholders to strengthen and continuously improve the control environment.
Develop, maintain, and document compliance processes, procedures, and standards, and actively socialize them with relevant stakeholders.
Manage audit activities through the GRC platform, ensuring accurate, timely, and auditable responses to internal and external auditors.
Provide clear, practical, and actionable feedback on control findings and remediation requirements.
Maintain up-to-date knowledge of SOX, IT controls, and relevant compliance standards and regulations.
Weekly Log Review
Perform weekly reviews of logs for SOX-relevant IT systems to identify security violations, suspicious activity, or anomalies.
Escalate any irregularities or misbehaviour identified during the review, including issues from external systems or service providers.

Reach out to the log performer to clarify any unconfirmed or incomplete entries and ensure appropriate escalation protocols are followed.

Confirm that all change logs are properly documented and approved using Service Request (SR) tickets, Change Advisory Board (CAB) records, or other supporting documentation.

Quarterly SOX Access Reviews
Conduct quarterly access reviews for all SOX-relevant applications, databases, and operating systems.
Sanitize user lists by assigning the correct reviewers and applying corrections based on findings from previous review cycles.
Ensure user access rights are appropriate and aligned with their job responsibilities.
Follow up with stakeholders on required access changes or confirmations.
Escalate unresolved action items or any delays in completion to ensure compliance with review timelines.
Respond to stakeholder queries and concerns regarding access review procedures or outcomes.
Validate that Segregation of Duties (SoD) requirements are consistently met across all systems.
User Role Matrix (URM) Management
Regularly update the User Role Matrix to reflect any changes in user roles, permissions, or organizational structure.
Escalate any mismatches or non-conformities identified during access reviews.
Notify the Security Team if any access modifications are required based on Internal Auditor recommendations.
Process Documentation
Maintain and continuously update documentation related to the SOX access review process.
Ensure process documents reflect the latest control requirements, audit standards, and actual practices.
Anomaly Reporting
Proactively report anomalies or irregularities discovered in any system or application used in the execution of job responsibilities.
Initiate and follow up on necessary investigations or mitigation activities in collaboration with relevant teams.
Internal Audit Support
Respond promptly to Internal Auditor inquiries regarding access controls and review processes.
Provide accurate documentation, clarification, and evidence to support audit findings and corrective actions.
Participate in meetings or correspondence, as needed, to address auditor concerns and ensure clear communication.
Control Issue Management
Detect and investigate control gaps, access violations, or procedural inconsistencies.
Deliver clear, actionable recommendations to address identified control issues and strengthen the control environment.
Cross-Department Collaboration
Collaborate with IT, Security, Compliance, and other business units to support access governance efforts.
Ensure cross-functional alignment on compliance responsibilities and access control expectations.

• Non-SOX Responsibilities

Bi-Annual Access Review
Conduct bi-annual access reviews for all non-SOX applications and systems.
Request updated user lists from system owners or administrators for each application under review.
Sanitize user data and assign the appropriate reviewers to ensure accountability.
Verify that access permissions are still valid, necessary, and in line with the user's role and responsibilities.
Stakeholder Identification & Process Ownership
Identify and validate the correct process owners or stakeholders responsible for each application or system.
Keep stakeholders informed and engaged throughout the review process.
Follow up on outstanding action items and initiate escalation procedures when necessary to ensure timely resolution.

• General Compliance Responsibilities

Compliance Knowledge
Maintain current knowledge of relevant compliance regulations, including SOX and internal access control policies.
Ensure that all access review activities are aligned with applicable standards, audit requirements, and best practices.


Qualifications and Experience:
Bachelor's degree in Information Technology, Computer Science, Finance, or a related field.

A minimum of 5 years of experience in IT auditing or compliance, with a preference for those who have experience in a SOX-controlled environment.

Proficient with AD and SQL systems.
Excellent communication skills, capable of explaining complex compliance issues clearly and effectively.
Strong attention to detail and accuracy.
Experience with database and AD auditing tools.
Familiarity with access review processes in various systems and environments.
Certification in Information Systems Auditing (e.g., CISA) is highly desirable.


Work Arrangement:
Hybrid Set-up (Quezon City - Eastwood)
Should have strong internet connection (minimum of 20 mbps)
Work Schedule

Working Days:
Monday – Friday

Working Hours: 7:00 AM – 4:00 PM (PHT)