Sarbanes Oxley (SOX) IT Compliance Supervisor
ABM Industries · Dunwoody, GA · 1 wk ago
FinanceFull-time
Responsibilities
- Lead and oversee the IT General Controls (ITGC) program to ensure SOX compliance across enterprise systems.
- Supervise and develop two IT SOX Analysts: review testing, documentation, and conclusions for quality and consistency.
- Cook up ITGC risk assessments, control documentation, walkthroughs, and testing activities.
- Evaluate control design and operating effectiveness across access management, change management, and IT operations.
- Identify control deficiencies, assess risk impact, and drive remediation planning with technology stakeholders.
- Track and report on remediation progress; validate corrective actions and escalate risks as needed.
- Serve as primary liaison with Internal Audit and external auditors for IT SOX-related activities.
- Prepare executive-ready reporting on control performance, deficiencies, and compliance status.
- Support continuous improvement initiatives to enhance control effectiveness, automation, and overall control maturity.
- Identify strengths and weaknesses in team members and provide training to improve skills and knowledge.
- Remain current with emerging trends in SOX compliance and share knowledge with colleagues.
Qualifications
- Education: Bachelor’s degree in Information Systems, Computer Science, Accounting, Business, or related field.
- Experience: 6+ years of experience in IT audit, IT risk management, IT compliance, or information security governance. 3+ years of direct experience supporting SOX IT General Controls (ITGC), including control design and operating effectiveness testing.
- Strong knowledge of ITGC domains, including logical access, change management, and IT operations.
- Experience working within a publicly traded organization.
- Demonstrated experience leading, mentoring, or supervising team members.
- Experience partnering with Internal Audit and supporting external audit engagements.
- Strong written and verbal communication skills, including experience preparing executive-level reporting.
- Licenses: Preferable, but not required CRISC, CISA, CIA CISSP or equivalent.