Enterprise Systems Security Manager

About The Position

Requirements

• 5+ years of experience in IT SOX compliance, IT audit, or IT risk management in a global organization.
• Proven experience with IT general controls (ITGCs), SOX 404, and related frameworks (e.g., COBIT, COSO).
• Strong analytical and problem-solving skills with the ability to identify risks and recommend solutions.
• Excellent communication and interpersonal skills to collaborate with diverse teams and stakeholders globally.
• Strong knowledge of IT control design, operation, and testing methodologies.
• Detail-oriented with strong organizational skills to manage multiple priorities effectively.
• Ability to work both independently and collaboratively as part of a global team.

Nice To Haves

• Familiarity with ERP systems, cloud platforms, and GRC tools is highly desirable.

Responsibilities

• Lead enterprise-wide application access management strategies, including role design, provisioning, de-provisioning, and periodic access reviews.
• Ensure least-privilege access principles are enforced across all critical systems and applications.
• Partner with application owners and IAM teams to resolve access-related risks and audit findings.
• Own and manage SOX IT General Controls (ITGCs) related to access, change management, and system operations.
• Coordinate with Internal and External Audit teams to support SOX testing, walkthroughs, and evidence requests.
• Maintain documentation for control effectiveness, control design, and risk assessments.
• Design, implement, and enhance IT control frameworks to support evolving business, regulatory, and security requirements.
• Expand IT controls into new systems, applications, and processes as the enterprise technology landscape grows.
• Evaluate control gaps and recommend scalable, sustainable solutions.
• Oversee remediation efforts for identified control deficiencies, audit findings, vulnerabilities, and compliance issues.
• Track remediation plans, timelines, and ownership to ensure timely and effective resolution.
• Validate remediation effectiveness and ensure issues are fully resolved before closure.
• Coordinate vulnerability and risk management activities across enterprise systems.
• Partner with cybersecurity, infrastructure, and application teams to assess risk impact and prioritize mitigation efforts.
• Provide training and ongoing support to IT and business stakeholders on access controls, SOX requirements, and security best practices.
• Act as a subject matter expert for IT controls, access governance, and audit readiness.
• Promote a culture of accountability, security awareness, and compliance.

Benefits

• Circle K is an Equal Opportunity Employer.
• The Company complies with the Americans with Disabilities Act (the ADA) and all state and local disability laws.
• Applicants with disabilities may be entitled to a reasonable accommodation under the terms of the ADA and certain state or local laws as long as it does not impose an undue hardship on the Company.
• Please inform the Company’s Human Resources Representative if you need assistance completing any forms or to otherwise participate in the application process.