SOX ITGC Manager- Onsite

Role Summary

SOX ITGC Manager- Onsite responsible for ensuring SOX 404 compliance and maintaining robust IT General Controls across the organization. Acts as a liaison between business, internal audit, and external auditors, contributing technical and control expertise to assess and manage IT risks while supporting business objectives. Reports to the Senior Director, Accounting.

Responsibilities

• Plan, coordinate and execute all phases of IT SOX Compliance.
• Update the IT scoping and risk assessment.
• Manage documentation, preparation, and testing of SOX 404 controls related to IT and finance processes, including risk and control matrices and process flowcharts as needed.
• Ensure IT systems and financial processes comply with SOX and are properly designed for in-scope processes and global entities.
• Collaborate with internal and external auditors to support annual testing and audits.
• Identify control gaps and propose corrective actions for continuous compliance; challenge existing controls and implement best practices.
• Oversee maintenance and monitoring of IT General Controls (ITGC) aligned with corporate and regulatory requirements.
• Ensure IT controls are integrated into business processes and follow industry best practices.
• Manage quarterly ITGC effectiveness assessments, including quarterly control certifications and compliance.
• Assess risks of financial and IT systems and develop mitigation strategies with cross-functional teams.
• Manage evaluation and remediation of control deficiencies; review IT-related financial transactions for ITGC policy compliance.
• Act as a liaison between Finance, IT, and internal audit to facilitate communication.
• Coordinate and support IT Audit Process for 404, including timelines, testing strategies, and expectations.
• Advise business units on internal controls and IT processes to meet financial reporting objectives.
• Provide training and support on SOX and ITGC compliance, controls, and best practices.
• Identify automation and process-improvement opportunities to enhance control environments, including AI considerations.
• Recommend process optimizations and collaborate with IT teams to design solutions that strengthen internal controls.
• Support ad-hoc implementations with Finance/Accounting impact to assess 404 and financial implications.
• Maintain clear documentation of processes, controls, and remediation actions.
• Own and maintain the AuditBoard platform for quarterly controls and SoxHub maintenance.
• Prepare regular reports for senior management on SOX 404 compliance and ITGC effectiveness; ensure timely reports for Audit Committee and external auditors.

Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Accounting, Finance, or related field.
• CPA, CIA, CISA, or similar certification highly preferred.
• 5+ years of experience in SOX 404 compliance, ITGC, internal controls, or finance/business partnering with a SOX focus; public accounting experience preferred.
• Strong understanding of SOX 404 requirements and ITGC frameworks.
• Experience with IT systems, ERP platforms, and financial reporting processes.
• Experience working with internal and external auditors in compliance audits.
• Strong knowledge of IT control frameworks such as COBIT, COSO, or similar.
• Proven ability to work effectively with both finance and IT teams.
• Analytical and problem-solving skills; strong written and interpersonal communication skills.
• Ability to manage multiple tasks, prioritize, and meet deadlines.
• Proficiency in Microsoft Excel, PowerPoint, and other financial reporting tools.
• Understanding of ERP systems (NetSuite, Coupa) and IT controls in financial processes.
• Experience in life sciences or healthcare is a plus; familiarity with cloud computing, AI, and cybersecurity in relation to internal controls is helpful.

Education

• Educational background as listed in qualifications (degree in related field).

Additional Requirements

• Employer is an EEO/Disability/Vets employer.
• Onsite role; travel requirements not specified.