Position Overview

The SOX Compliance Business Manager leads the day‑to‑day activities of the SOX program, including scoping, documentation, testing, issue remediation, and management reporting. The role reports to the Director of Internal Controls and partners closely with Finance, IT, and business process owners to ensure internal controls over financial reporting are designed, implemented, and operating effectively in line with SOX requirements and COSO.

 

Here's What You'll Do:

• Develop and maintain the annual SOX compliance testing plan, including timelines, milestones, and resource needs for testing and reporting.
• Coordinate SOX risk assessment to identify key financial reporting risks, significant accounts, processes, and in‑scope entities.
• Oversee documentation of end‑to‑end processes, risks, and controls (RCM, narratives, flowcharts) in alignment with the COSO framework and company policies.
• Perform, lead and review design and operating effectiveness testing of key controls in collaboration with SOX analysts including sampling, walkthroughs, and re‑performance, ensuring sufficient evidence is retained.
• Identify, assess, and document control deficiencies, determine severity (deficiency vs significant deficiency vs material weakness), and work with owners on remediation plans and retesting.
• Monitor remediation status, track action plans to closure, and escalate overdue or high‑risk items to senior management and the audit committee as needed.
• Prepare clear, concise SOX status reports and dashboards for management, including testing progress, issues, remediation, and overall control conclusions.
• Serve as a liaison with external auditors on SOX scope, testing approaches, documentation requests, and issue resolution.
• Provide subject matter expertise, training and guidance to process and control owners on SOX requirements, control design, documentation standards, and evidence expectations/requirements.
• Support related internal controls and governance related initiatives where they intersect with SOX.

 

What You Bring to the Table:

• Bachelor’s degree in accounting, finance, business, or a related field.
• 5-8+ years of progressive experience in SOX, internal audit, external audit, or internal controls, with a strong focus on ICFR.
• Solid knowledge of SOX 404 requirements, PCAOB standards, and internal control frameworks such as COSO.
• Professional designation such as CPA, CA, CIA, or CISA is highly preferred.
• Experience working with ERP and GRC tools (e.g., NetSuite, Salesforce, etc.) and commonly used GRC platforms (e.g. Workiva, Resolver, etc.)

• Strong understanding of financial reporting processes, internal controls, and risk assessment techniques.
• Analytical and problem‑solving skills, with the ability to evaluate control design and identify practical, risk‑based improvements.
• Excellent written and verbal communication skills, including ability to explain SOX concepts to non‑experts and influence senior stakeholders.
• High attention to detail, strong organization, and ability to manage multiple concurrent projects and deadlines.
• Collaborative team mindset with the confidence to challenge, negotiate, and drive remediation across functions.