Sr. Manager, IT SOX Risk and Compliance jobs in United States
cer-icon
Apply on Employer Site
company-logo

Macy's · 2 weeks ago

Sr. Manager, IT SOX Risk and Compliance

positionSpringdale, OH
timeFull-time
remoteOnsite
seniorityMid, Senior Level
money$88K/yr - $146K/yr
date4+ years exp

Macy's is a storied company that has been part of memorable moments for over 160 years. The Senior Manager, IT SOX Risk & Compliance oversees the internal controls within the SOX compliance program, collaborating with various teams to ensure compliance and drive improvements in the IT control environment.

Consumer GoodsFashionRetail

Responsibilities

Plan, oversee, and manage the testing and monitoring of IT general controls and automated application controls as part of the SOX 404 compliance program. Ensure the IT control scope is appropriate and that key financial reporting risks related to technology and key financial applications (KFAs) are effectively mitigated
Serve as the liaison between IT, Finance, and Audit teams for all SOX IT control matters. Partner with control owners and process owners to perform IT risk assessments, define SOX scope for systems and processes, and align on testing schedules and requirements
Ensure timely and accurate execution of IT control activities (e.g., user access reviews, change management procedures, SDLC). Confirm that control owners complete activities properly and maintain sufficient documentation. Maintain comprehensive SOX documentation in Workiva, including RACMs, flowcharts, system diagrams, and control procedures
Coordinate with Internal Audit and external auditors on IT control testing, walkthroughs, and data requests. Provide required information, support management testing performed by Internal Audit, and help ensure auditors can rely on the Company’s evaluation of IT controls where appropriate
Monitor IT test results and self-assessments to identify design or operating deficiencies. Lead remediation efforts, including root cause analysis, corrective action planning, and verification of remediation effectiveness
Provide subject-matter expertise in designing effective IT controls for new systems, processes, or changes (e.g., implementations or upgrades). Train and guide control owners on internal control requirements and best practices for ITGCs and application controls
Identify opportunities to strengthen and streamline the IT control environment, including through automation and enhanced monitoring. Promote strong IT governance by developing best-practice guidelines, facilitating control training, and monitoring emerging IT risks (e.g., cybersecurity threats, mainframe retirement) that may impact financial reporting and KFAs
Develop and deliver reporting on program status, testing progress, issues, and remediation activities to leadership, ensuring transparency and timely escalation
Foster an environment of acceptance and respect that strengthens relationships, and ensures authentic connections with colleagues, customers, and communities
In addition to the essential duties mentioned above, other duties may be assigned

Qualification

SOX Section 404IT General ControlsGRC software proficiencyAudit coordinationAnalytical skillsProcess improvementProblem-solvingCoachingChange managementLeadershipCommunicationCollaborationProject management

Required

Bachelor's degree or equivalent work experience in a related field
4+ years of IT related experience in internal controls, SOX compliance, audit (public or internal), or risk management in a public company environment
Deep knowledge of SOX Section 404, IT risk management principles and IT General Controls (ITGCs) including access, change management and data backup/recovery
Skilled in using GRC software platforms (e.g., Workiva) to document, monitor, and test controls
Experienced in coordinating with Big Four audit firms, including walkthroughs, testing, and control assessments
Proven ability to assess IT risks, evaluate IT control effectiveness, and identify IT control deficiencies
Strong root cause analysis skills and ability to develop practical remediation plans
Ability to identify opportunities for automation, control optimization, and efficiency
Strong executive presence with ability to influence and guide leaders in a matrixed environment
Demonstrated commitment to compliance, governance, and setting the right organizational tone
Excellent written, verbal, and presentation skills with clarity and confidence at all levels
Skilled at building trust, credibility, and partnerships across Finance, IT, Audit, and business teams
Ability to educate and support control owners on requirements and best practices
Proven ability to manage multiple projects, competing priorities, and deliver results under tight deadlines
Flexible and adaptive work style to drive execution in a fast-paced, dynamic environment

Preferred

Master's degree

Benefits

Comprehensive health and wellness coverage
401(k) match
Paid time off
Eight paid holidays
Merchandise discounts
Performance-based incentives
Annual merit review
Employee Assistance Program with mental health counseling and legal/financial advice
Tuition reimbursement

Company

Macy's

twittertwittertwitter
Glassdoor3.4
company-logo
Macy's is America’s store for life. The largest retail brand of Macy's, Inc.
dateFounded in 1858
location
New York, New York, USA
people-size10001+ employees
web-link
http://www.macysjobs.com

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Bobby Amirshahi
Senior Vice President, Corporate Communications + Public Affairs
linkedin
leader-logo
Michael Krans
VP of media network
linkedin

Recent News

mlive
These Flint-area businesses opened and closed in 2025
2026-01-03
Home Textiles Today
Consolidation and Evolution: Our Top 10 retail hit-generators of 2025
2025-12-31
Retail Dive
To see where Macy’s is going, head to Chicago
2025-12-19
Company data provided by crunchbase