Job Description

A Day in the Life:

As the SOX Technical Program Manager, you will play a critical role in embedding SOX compliance and establishment of IT General Controls into our technology project lifecycle. You will partner closely with the Cybersecurity GRC team, Technology stakeholders, and business leaders to ensure that new systems, enhancements, and integrations are designed and implemented with strong internal controls that meet SOX requirements.

You will lead the design, implementation, and monitoring of SOX IT general controls across the SDLC, ensuring that access and privileged account management, change management, and system configuration processes are compliant from project initiation through deployment. Your work will directly support the integrity of financial reporting and the effectiveness of our internal control environment.

Key Responsibilities:

• Lead the implementation of SOX IT controls across new technology projects and system development initiatives.
• Collaborate with project teams to embed control requirements into project plans, technical designs, and implementation roadmaps.
• Document SOX control design narratives and operating effectiveness testing for in-scope systems and tools.
• Serve as the subject matter expert (SME) for SOX compliance within the SDLC, providing guidance on control design, risk mitigation, and audit readiness.
• Coordinate walkthroughs, evidence collection, and control testing with internal and external auditors.
• Partner with Global Architecture, Engineering, and Product teams to assess the SOX impact of new technologies and system changes.
• Monitor and track remediation of control deficiencies, ensuring timely resolution and sustainable fixes.
• Support quarterly SOX certifications and management attestations related to new systems and changes.
• Maintain centralized documentation and evidence repositories to support audit and compliance activities.
• Provide regular reporting and metrics on SOX SDLC program health, control coverage, and remediation status.
• Educate and train project teams and control owners on SOX requirements and best practices.

Qualifications:

• 5+ years of experience in IT Audit, Security GRC, or SOX compliance, with a strong focus on SDLC, access management, and change management controls.
• Big 4 or equivalent IT Audit experience required, with demonstrated expertise in evaluating ITGCs and application controls.
• Deep understanding of SOX Section 404, including risk assessment, control design, and testing methodologies.
• Proven experience defining, documenting, and implementing SOX controls in system development and project environments.
• Strong knowledge of ITGC domains: access controls, change management, IT operations, and SDLC.
• Familiarity with retail systems (e.g., Oracle EBS, RMS, OMS, WMS) and their SOX implications.
• Experience with cloud platforms (AWS, Azure), SaaS applications, and their impact on SOX compliance.
• Ability to collaborate with stakeholders and control owners to drive accountability and ownership for technology controls and facilitate an environment of continuous compliance
• Proficiency with GRC tools such as ServiceNow, Jira, or Archer for managing change and compliance workflows.
• Strong communication and stakeholder engagement skills, with the ability to influence cross-functional teams.
• Ability to manage multiple priorities in a fast-paced, global environment.
• Professional certifications such as CISA, CPA, CISSP, or CIA are required.

Must haves:

• Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
• Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
• Communicates with honesty and kindness and creates the space for others to do the same.
• Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
• Fosters connection by putting people first and building trusting relationships.
• Integrates fun and joy as a way of being and working, aka doesn t take themselves too seriously.

Job Tags

Similar Jobs