Apply on Employer Site

Macy's · 1 month ago

Sr. Manager, IT SOX Risk and Compliance

145 Progress Place, Springdale, OH, 45246, US

Full-time

Onsite

Senior Level, Lead/Staff, Director/Executive

$88K/yr - $146K/yr

4+ years exp

Macy's is a storied company that has captured the hearts of America for over 160 years. The Senior Manager, IT SOX Risk & Compliance will oversee the company's internal controls within the SOX compliance program, collaborating with various teams to ensure compliance and improve the IT control environment.

Consumer GoodsFashionRetail

Responsibilities

Plan, oversee, and manage the testing and monitoring of IT general controls and automated application controls as part of the SOX 404 compliance program. Ensure that IT control scope is appropriate and that key financial reporting risks related to technology and key financial applications (KFAs) are adequately mitigated through effective controls

Act as the liaison between IT, Finance, and Audit teams for all SOX IT control matters. Work with control owners and process owners to perform IT risk assessments, define SOX scope for systems and processes, and align on testing schedules and requirements

Ensure timely and accurate execution of IT control activities (e.g. user access reviews, change management procedures, SDLC, etc.) are executed properly by control owners and documented timely with sufficient evidence. Maintain comprehensive SOX documentation in Workiva, including RACMs, flowcharts, system diagrams, and control procedures

Coordinate with Internal Audit and external auditors on IT control testing, walkthroughs, and data requests. Provide auditors with required information, support management testing (executed by Internal Audit on behalf of management), and help ensure auditors can place reliance on the Company’s own evaluation of IT controls where appropriate

Monitor IT test results and self-assessments to identify design or operating deficiencies. Lead remediation efforts, including root cause analysis, corrective action planning, and verification of remediation effectiveness

Provide expertise in designing effective IT controls for new systems, processes, or changes (e.g. system implementations or upgrades). Train and guide control owners on internal control requirements and best practices for ITGCs and application controls, enhancing their understanding and accountability

Identify opportunities to strengthen and streamline the IT control environment, including automation and improved monitoring. Promote strong IT governance developing best practice guidelines, facilitating control training sessions, and keeping abreast of emerging IT risks (e.g. cybersecurity threats, Mainframe retirement, etc.) that could impact financial reporting and key financial applications

Develop and deliver reporting on control program status, testing progress, issues, and remediation to appropriate leadership ensuring transparency and timely escalation

Foster an environment of acceptance and respect that strengthens relationships, and ensures authentic connections with colleagues, customers, and communities

Qualification

SOX Section 404IT General ControlsGRC software proficiencyAudit coordinationAnalytical skillsProcess improvementProblem-solvingLeadership & influenceEthical standardsCoaching & trainingChange managementCommunicationCollaborationProject management

Required

Candidates with a Bachelor's degree or equivalent work experience in a related field are encouraged to apply

4+ years of experience in internal controls, SOX compliance, audit (public or internal), or risk management in a public company environment

3+ years of leadership or management experience in a controls or compliance-focused role

Deep knowledge of SOX Section 404, IT risk management principles and IT General Controls (ITGCs) including access, change management and data backup/recovery

Skilled in using GRC software platforms (e.g., Workiva) to document, monitor, and test controls

Experienced in coordinating with Big Four audit firms, including walkthroughs, testing, and control assessments

Proven ability to assess IT risks, evaluate IT control effectiveness, and identify IT control deficiencies

Strong root cause analysis skills and ability to develop practical remediation plans

Ability to identify opportunities for automation, control optimization, and efficiency

Strong executive presence with ability to influence and guide leaders in a matrixed environment

Demonstrated commitment to compliance, governance, and setting the right organizational tone

Excellent written, verbal, and presentation skills with clarity and confidence at all levels

Skilled at building trust, credibility, and partnerships across Finance, IT, Audit, and business teams

Ability to educate and support control owners on requirements and best practices

Proven ability to manage multiple projects, competing priorities, and deliver results under tight deadlines

Flexible and adaptive work style to drive execution in a fast-paced, dynamic environment

Preferred

Master's degree preferred

Benefits

Merchandise discounts

Performance-based incentives

Annual merit review

Employee Assistance Program with mental health counseling and legal/financial advice

Tuition reimbursement

Company

Macy's

Glassdoor3.4

Macy's is America’s store for life. The largest retail brand of Macy's, Inc.

Founded in 1858

New York, New York, USA

10001+ employees

http://www.macysjobs.com

Funding

Current Stage

Late Stage

Leadership Team

Bobby Amirshahi

Senior Vice President, Corporate Communications + Public Affairs

Michael Krans

VP of media network

Recent News

masslive

Macy’s is closing 14 stores nationwide — including 5 in Northeast: Full list here

2026-01-16

Maryland Daily Record

Macy’s closing more stores, including 1 in MD

2026-01-16

AL.com

Major department store chain closing 14 more stores

2026-01-14

Company data provided by crunchbase