IT SOX Compliance Manager

Job Summary

The IT SOX Specialist is responsible for leading the design, execution, monitoring, and continuous improvement of Acuity’s IT General Controls (ITGC) program in support of Sarbanes-Oxley (SOX) compliance. This role sits within the Cyber GRC function and partners closely with Internal Audit, external auditors, and technology stakeholders to ensure the effectiveness of IT controls across enterprise systems and platforms.

Key Tasks & Responsibilities (Essential Functions)

• Lead and oversee the IT General Controls (ITGC) program to ensure SOX compliance across enterprise systems, including control testing, deficiency evaluation, and remediation tracking.
• Coordinate ITGC risk assessments, control documentation, walkthroughs, and testing activities across access management, change management, and IT operations. Evaluate control design and operating effectiveness; identify deficiencies, assess risk impact, and partner with technology stakeholders on remediation planning.
• Track remediation progress, validate corrective actions, and escalate unresolved risks in accordance with governance expectations.
• Serve as the primary liaison with Internal Audit and external auditors, supporting IT SOX requests and ensuring timely, audit‑ready deliverables.
• Prepare executive‑ready reporting on control performance, deficiencies, and overall compliance status, while driving continuous improvement and control maturity.
• Coordinate with IT SOX control owners to obtain evidence, clarify control execution and support remediation activities.

Skills and Minimum Experience Required

• Bachelor’s degree in Computer Science, Finance, Accounting, or equivalent practical experience supporting SOX or IT control programs.
• 5+ years of experience in IT audit, SOX compliance, or IT controls, with demonstrated ownership of ITGCs across enterprise environments (ERP, finance, or core business systems).
• Strong understanding of SOX 404 requirements, IT General Controls (ITGCs), and risk assessment methodologies, with the ability to apply them independently.
• Proven ability to manage multiple assignments and meet deadlines in a dynamic environment.
• Proactive in identifying process gaps and implementing remediation strategies.
• Familiarity with security architecture and business process controls.
• Strong analytical skills with experience reviewing system data, access reports, and technical evidence, and working with Excel-based datasets and reports
• Strong communication and reporting skills, with a proactive and ownership-driven mindset.
• Experience with GRC applications such as Workiva, ProcessUnity, etc