ITGC Risk Manager

Bough is a decidedly different kind of advisory, assurance, and transformation solutions firm. Working collaboratively with clients in finance, audit, and compliance organizations, we co-create fully integrated and comprehensive solutions that connect people, processes, and technologies to navigate accounting, reporting, and compliance matters.

Our services include finance and accounting advisory, revenue assurance, FP&A advisory and support, risk advisory, and process automation and transformation.

We are busy and sometimes crazy busy delivering exceptional results to our clients with trust, quality, and humanness. Our name Bough means the main branch of a tree - a name that keeps us grounded in nature and emphasizes our belief that we wish to be the main branch on which our clients and employees lean with trust.

For any position we are hiring, we dont just want you to be an ambitious, analytical, multi-skilled, risk-taking go-getter for Bough. We want you to be more. More for yourself and for anything you undertake. Socially responsible, intuitive, empathetic, trustworthy, thoughtful, imaginative, creative, and curious are some words that resonate with us. Your skills are a qualifier, and we believe that each of us is much more than the skills we bring to our job - the person we are looking for...

Role Overview

We are building our technology risk and IT controls capability within Bough’s Risk Advisory practice to help clients address evolving IT governance, risk, and compliance requirements. As an ITGC Manager, you will play a critical role in leading and delivering IT General Controls (ITGC) and broader technology risk engagements, providing clear perspectives and actionable insights to key stakeholders including CIOs, CAEs, and audit committees.

You will be an integral part of the Risk Advisory practice, supporting engagements across ITGC, IT application controls, SOX IT compliance, SOC reporting, third-party risk, and technology risk transformation initiatives. This role requires strong technical depth, project leadership, stakeholder management, and the ability to deliver practical, high-quality solutions in complex client environments.

Key Responsibilities

• Lead IT General Controls (ITGC) engagements, including scoping, risk assessment, walkthroughs, testing, and issue evaluation across access management, change management, IT operations, and interface controls
• Oversee IT application controls (ITAC) and key report testing, ensuring appropriate testing strategies, documentation quality, and alignment with audit and regulatory requirements
• Manage SOX IT compliance efforts, including coordination with financial controls teams, internal audit, and external auditors
• Review and ensure the quality and completeness of IT control documentation, including RCMs, narratives, process flows, testing workpapers, and issue remediation plans
• Serve as a primary point of contact for client IT stakeholders, control owners, and auditors, facilitating clear communication and timely resolution of audit queries
• Support and advise clients on strengthening IT governance, risk management, and control environments, including remediation planning and control optimization
• Lead and mentor project team members, providing guidance, feedback, and on-the-job coaching
• Own end-to-end delivery of IT risk engagements, including project planning, resourcing, budgeting, timelines, and quality assurance
• Identify opportunities to leverage automation, data analytics, and emerging technologies to enhance ITGC testing efficiency and value
• Contribute to the development and growth of Bough’s technology risk function, including methodologies, templates, delivery playbooks, and thought leadership
• Participate in business development, proposal development, recruiting, and internal knowledge-sharing initiatives

Qualifications and Experience

• Bachelor’s or Master’s degree in Information Systems, Computer Science, Engineering, or a related technical field
• Relevant professional certifications such as CISA, CIA, CPA, or equivalent preferred
• 6+ years of experience in IT risk, IT audit, SOX IT compliance, or technology risk advisory, preferably within a Big 4 or leading consulting firm
• Strong experience leading ITGC, ITAC, SOC 1 / SOC 2, and ERP-related control engagements
• Practical experience working with complex IT environments, including ERP systems, cloud platforms, and third-party service providers

Preferred Skills

• Excellent analytical, communication, and stakeholder management skills, with the ability to convey complex technical concepts clearly
• Strong leadership presence with the ability to manage teams, engage senior client stakeholders, and drive outcomes
• High energy and enthusiasm, with a commitment to delivering exceptional client service and expanding Bough’s technology risk capabilities
• Entrepreneurial and collaborative mindset, with a desire to build, grow, and shape Bough’s technology risk practice
• Ability to thrive in a fast-paced consulting environment while maintaining quality, integrity, and professionalism