
Bring Your Flavor

Senior Manager of IT SOX Compliance

Job Details

Job Ref:
R25_0000001487
Location:
788 Circle 75 Pkwy, Atlanta, GA 30339
Category:
Technology
Employment Type:
Full time

Job Summary

The Senior Manager of IT SOX Compliance is responsible for leading the enterprise-wide IT SOX compliance program with a focus on governance, risk assessment, control design evaluation, and program oversight. The SOX team does not perform control testing, so this role serves in an advisory capacity centered around program ownership, risk and control design oversight, coordination with control owners, facilitation of remediation, training, and partnership with Internal Audit and external auditors.

Duties and Responsibilities (other duties as assigned)

  • Lead the company’s IT SOX compliance program, ensuring that financial reporting risks tied to technology and data are appropriately mitigated.

  • Provide thought leadership on new business initiatives, system implementations, IT policy changes, and personnel changes, assessing the impact on the SOX compliance program and advising the business accordingly.

  • Conduct and update risk assessments and scoping, especially around systems supporting financial reporting, revenue recognition, etc.

  • Partner with cross-functional stakeholders in IT, Finance, and Internal Audit to maintain strong control design and accountability.

  • Maintain and oversee SOX documentation, including risk and control matrices (RCMs), process and data flows, system diagrams, etc.

  • Support process owners through training, reviewing, and providing guidance for their processes including, but not limited to, IT General Controls, IT Operations and SOC Reporting. 

  • Coordinate the SOX testing calendar, ensuring alignment across Internal Audit, external auditors, and control owners.

  • Facilitate the deficiency management and remediation process, from root cause analysis to retesting readiness.

  • Support the implementation of automation and continuous control monitoring as part of control enhancement efforts.

  • Track and communicate program status, issues, and risks to the Director of SOX Compliance, including preparation of reports for the SOX Steering Committee and Audit Committee.

  • Monitor emerging risks in IT compliance, including cybersecurity threats that could impact SOX controls.

Education, Experience & Certifications

  • Bachelor’s degree in Information Systems, Accounting, Finance, or related field.

  • Relevant professional certification is preferred, such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Security Controls (CRISC).

  • 8+ years of relevant experience, including IT SOX, IT audit, or risk management at a public company or Big 4/public accounting firm.

  • Ability to travel 15 - 20% on average annually.

Functional Skills

  • Strong understanding of SOX 404, COSO, COBIT, and PCAOB standards.

  • Familiarity with ITGCs, application controls, key reports, and SOC 1 reports.

  • Experience managing a SOX compliance program without direct ownership of testing activities.

  • Excellent communication and project management skills; proven ability to influence across departments.

  • Comfortable navigating complex IT environments, including ERP systems, cloud platforms, and cybersecurity frameworks.

  • A team player with a process-oriented focus and excellent interpersonal, analytical, and problem-solving skills.

  • Exhibits critical thinking skills and the ability to complete tasks with an appropriate level of skepticism.

  • Proficiency in annual and rolling SOX scoping based on risk factors and materiality.

  • Deep understanding of ITGCs.

  • Competence in identifying and assessing application controls, key reports, and interface controls.

  • Skilled in documenting IT processes, process and data flows, and risk and control matrices (RCMs).

  • Strong project management capabilities for handling timelines, milestones, and dependencies.

  • Familiarity with ERP systems (e.g., Oracle Cloud, NetSuite, PeopleSoft).

  • Ability to review SOC 1 reports and assess reliance on third-party controls.

  • Able to translate complex IT and control concepts into business-friendly language.

  • Experience with audit software like AuditBoard is a plus.

  • Ability to work remotely with team members in multiple locations. 


Our Values
• EVERYONE BELONGS – We believe connectedness and belonging are the essential ingredients to our success.
• DO THE RIGHT THING – We are relentlessly focused on quality and integrity and make the right choices, even when it's difficult.
• PEOPLE FIRST – To craft positive experiences for our customers, we take care of each other first.
• INNOVATE TO WIN – We champion and challenge for a better way in all we do.
• HAVE FUN – We find joy, create meaningful impact and celebrate the journey together.

Our Core Competencies
• CUSTOMER CENTRIC – We leverage data and insights to craft a customer experience that builds relationships, cultivates trust, and delivers excellence.
• RESULTS DRIVEN – We focus on measurable outcomes by remaining optimistic, tenacious, and persistent even in the face of challenges.
• CONTINUOUS IMPROVEMENT – We champion for better through strategic risk taking, experimentation and challenging the status quo.
• BIAS FOR ACTION – We courageously lead, drive towards decisions, and maintain agility to meet the demands of our dynamic industry.
• WINNING TOGETHER – We work together to unlock our full potential by actively collaborating and contributing in a cross-functional capacity.
     
    Papa Johns is an equal opportunity employer.