Senior Manager, IT Risk Controls & Sox Governance

About The Position

Requirements

• Bachelor's degree in Information Systems, Computer Science, Accounting, Risk Management, or a related field.
• Demonstrated experience supporting SOX and ICFR in a publicly traded company.
• Prior people management or team leadership experience.
• Strong understanding of IT general controls, risk frameworks, and audit requirements.
• Experience in a global or highly regulated environment.
• Strong analytical, problem-solving, and communication skills with a proven ability to drive change and influence stakeholders.
• While performing the role, you will need to lift up to 25lbs.
• Approximately 25% of travel may be required in support of the position’s responsibilities.
• Strong organization, planning, and project management skills; ability to prioritize tasks for self and team to meet requirements and deadlines.
• Ability to work with different functional groups and levels of employees to effectively and professionally achieve results.
• Strong leadership skills: ability to drive and motivate team to achieve results.

Nice To Haves

• Master’s degree in Business Administration, Information Technology, Supply or a related field of study, or equivalent experience preferred.
• Familiarity with GRC platforms and automated control monitoring.
• Professional certifications (e.g., CISA, CISSP, CRISC, CPA) a plus.

Responsibilities

• Lead the design, standardization, and ongoing oversight of IT risk management and IT general control frameworks supporting SOX, ICFR, and financial reporting integrity.
• Conduct and oversee IT risk and control assessments to identify design gaps, emerging risks, and control enhancement opportunities.
• Ensure IT control frameworks are scalable, consistent, and aligned with global governance standards.
• Serve as the primary IT governance liaison for Internal Audit and External Audit related to IT SOX matters.
• Support SOX scoping, control design discussions, audit coordination, and management responses.
• Oversee IT SOX remediation activities, including issue tracking, root cause analysis support, and validation of management action plans in coordination with Internal Audit.
• Own and maintain IT risk, security, and control policies, standards, and governance documentation.
• Provide governance oversight for key control domains, including access management, change management, logical security, and technology operations.
• Ensure policies and standards align with regulatory expectations and enterprise risk management objectives.
• Provide governance oversight of the access management control framework, including policy, standards, and risk assessments.
• Ensure appropriate separation of duties between access provisioning, approval, and review activities.
• Provide advisory oversight for changes to in scope applications and infrastructure to ensure alignment with approved change management controls and SOX requirements.
• Oversee IT risk and control governance for cloud platforms and third party applications in scope for financial reporting.
• Partner with third party risk management, procurement, and legal teams to ensure technology risks are identified and addressed appropriately.
• Partner with IT Operations, Finance, Internal Audit, Cybersecurity, and business leaders to drive consistent understanding of IT risk and control expectations.
• You are responsible for the recruitment, performance management, and career development for your team. You’ll also be expected to cultivate a collaborative team dynamic that enables us to meet our business objectives.
• Other duties as assigned.