Job Overview
We are seeking a highly skilled and motivated Sox Manager to oversee our compliance and risk management initiatives. The ideal candidate will be responsible for ensuring that our organization adheres to SOX regulations while effectively managing IT security and operational risks. This role requires a deep understanding of various technical frameworks and the ability to collaborate with cross-functional teams to implement best practices in compliance and incident response.
Responsibilities
- Own & Maintain SOX ITGCs:
- Perform User Access Reviews (UAR) across Workday, Waystar, GoRev, Visual Lease, GlobalShares, etc.
- Change management controls
- Access provisioning/deprovisioning processes (ensure timely termination, periodic re-certifications)
- Segregation of Duties (SOD) analyses and remediation tracking
- SOC report evaluation for critical third-party IT services
- IT-related controls embedded in business processes (e.g., system-generated reconciliations, logical security settings)
Documentation:
- Develop and maintain detailed SOX narratives, process flows, and control matrices
- Prepare evidence packages and coordinate testing schedules with Internal and External Audit teams
Continuous Improvement & Advisory:
- Evaluate emerging IT risks and recommend control improvements or new controls
- Collaborate with IT process owners to embed SOX requirements into standard operating procedures
- Provide “IT-focused” advisory on compliance best practices
Stakeholder Engagement:
- Liaise with Internal Audit to align on scoping, testing exceptions, and remediation plans
- Work with External Auditors to facilitate walkthroughs, testing scope, and evidence requests
- Collaborate with IT operations, security, and application teams to ensure timely remediation of control gaps
Reporting & Metrics:
- Track key SOX KPIs (e.g., percentage of timely UAR completions, number of open ITGC findings, remediation cycle times)
- Present SOX status updates to IT leadership, Internal Audit, and other stakeholders
Requirements
- Experience:
- 5+ years of experience in public accounting (Big 4 preferred), application security, access management, and industry IT experience in a regulated environment.
- Must have hands-on experience with SOX implementation and testing of ITGCs (UAR, change management, SOD, and user provisioning/deprovisioning)
- Solid understanding of IT risk frameworks (COSO, COBIT, NIST, Hitrust, etc.)
Technical/Professional Skills:
- Familiarity with core enterprise applications: Workday, Waystar, GoRev, Visual Lease, Globalshares, Active Directory, etc.
- Strong Excel skills (pivot tables, VLOOKUPs) for SOD analysis and testing documentation
- Ability to read and interpret SOC 1/SOC 2 reports, identify control gaps, and translate them into remediation actions
- Excellent written and verbal communication—comfortable leading walkthroughs, drafting control narratives, and presenting status updates
Certifications (Preferred):
- CPA, CISA, CISM, CRISC, or other relevant certifications
- SOX and IT audit training (IIA or equivalent)
Soft Skills:
- Detail-oriented with strong organizational skills
- Proven ability to build relationships and drive consensus across IT, finance, and audit teams
If you are passionate about ensuring organizational integrity through effective compliance management and possess the necessary skills outlined above, we encourage you to apply for this critical role.
Job Type: Full-time
Pay: $80,546.06 - $130,141.49 per year
Benefits:
- 401(k) matching
- Dental insurance
- Employee assistance program
- Employee discount
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Vision insurance
Schedule:
- 8 hour shift
- Day shift
- Monday to Friday
Experience:
- SOX: 5 years (Required)
- Public accounting: 5 years (Required)
- IT governance: 5 years (Required)
- NIST standards: 5 years (Required)
License/Certification:
- CPA (Preferred)
- CISM (Preferred)
Shift availability:
Work Location: In person
