Manager, IT SOX Compliance

About The Position

Requirements

• Bachelor's degree in Accounting, Finance, Business, or related field; advanced degree or professional certification (CPA, CIA, CISA) preferred.
• Strong knowledge of SOX 404, ITGCs, and ICFR concepts and requirements.
• Hands-on experience with SAP systems, including security, SoD, and change management.
• Familiarity with control frameworks such as COSO, COBIT, and standards like SOC 1, SOC 2, ISO 27001, NIST.
• Experience supporting SDLC controls, change management, and cloud/SaaS environments (e.g., UltiPro, Salesforce, AWS).
• Ability to evaluate and document technical controls clearly and concisely.
• Excellent written and verbal communication skills, especially in preparing flowcharts, control documentation, and audit responses.
• Strong project management skills and ability to manage multiple workstreams in parallel.
• Comfortable working in a fast-paced, dynamic environment with changing priorities and deadlines.
• Proficiency with SOX compliance tools (e.g., AuditBoard) and experience working in cross-functional, global teams is a plus.
• 7+ years of experience in SOX compliance, internal audit, or public accounting, with at least 5 years focused on SOX. Experience with a 'Big Four' or top IT consulting firm preferred.

Responsibilities

• Serve as IT's primary coordinator for SOX compliance and ICFR-related responsibilities.
• Manage the design, documentation, execution, and monitoring of IT General Controls (ITGCs), including access management, change control, IT operations, and SDLC.
• Maintain comprehensive and audit-ready documentation for all in-scope controls, systems, and processes.
• Coordinate testing activities with Internal Audit and ensure timely, complete, and accurate evidence collection.
• Partner with system and process owners to ensure effective and timely remediation of control deficiencies.
• Collaborate with external auditors and advisors to manage requests, walkthroughs, and support during testing cycles.
• Participate in scoping activities for in-scope systems and evaluate the impact of system changes or new implementations on control requirements.
• Contribute to the evaluation of IT-related deficiencies and support quarterly reporting on the state of the IT control environment.
• Support risk assessments and readiness for new regulatory or operational initiatives.
• Provide guidance and documentation support for control owners across IT functions.
• Assist in the development of flowcharts, narratives, risk/control matrices, and process documentation.
• Maintain up-to-date understanding of emerging regulations, audit expectations, and risk frameworks.
• Identify and implement opportunities to automate compliance processes, including leveraging SAP GRC and other automation tools.

Benefits

• Medical insurance
• Dental insurance
• Vision insurance
• 401(k)
• Paid time off