SOX Information Technology Application Controls (ITAC) Audit Lead The Enterprise Controls & Governance Group is responsible for Comerica's compliance with the provisions of Section 404 of The Sarbanes-Oxley Act of 2002 ("SOX"), and ultimately, providing certification that our internal control environment is operating effectively. The group reports administratively to the Chief Accounting Officer and works closely with key stakeholders across business units, corporate functions, technology, and the second and third lines of defense. The SOX ITAC Audit Lead is responsible for comprehensive reviews of IT Application controls and data flows to ensure appropriate controls and procedures are in place and operating effectively. Position Responsibilities Develops testing processes and procedures in alignment with SOX frameworks and PCAOB guidance and conducts baseline review activities. * Design and execute testing plans and scripts to evaluate the effectiveness of IT Application Controls, Interfaces, and key reports. * Review the design and operating effectiveness testing of key application and interface controls and communicate the exceptions. * Provide guidance to a team of control testers (internal and outsourced) ensuring the quality of documentation and testing standards. Actively participate in the walkthrough of IT Application Controls and Interfaces, including the preparation of agendas and request lists, and documenting interface diagrams to assist in the scoping of key-controls. Provide subject matter expertise on ITAC evaluation for risk assessment processes and assist with the SOX scoping and the identification of risks and controls. Reports on control testing results and key themes to management reflecting trends, emerging risks, strengths, and weaknesses. * Identifies and escalates issues for remediation. Advises on how to remediate any control deficiencies/failures, proposing solutions to root causes of identified conditions. * Validates remediation of control deficiencies and issues, including sustainability. * Develop and execute reporting on ITAC effectiveness and identify and escalate issues for remediation. This includes assisting in the remediation efforts of control deficiencies by maintaining progress tracking, communication with key stakeholders, and reporting in Workiva and Archer. Assist the ERCG group in the review or testing of IT General Controls, Business Process Controls, and other related SOX activities. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled