Senior Manager, IT General Controls (ITGC) Audit
Position Summary
The Senior Manager, IT General Controls (ITGC) Audit is responsible for leading the company's IT General Controls (ITGC) program and ensuring compliance with SOX, regulatory requirements, and industry best practices. This role partners closely with IT, Finance, Internal Audit, and external auditors to assess technology risks, strengthen governance, and improve internal controls that support the organization's financial reporting and operational objectives.
Key Responsibilities
Lead the ITGC program, including planning, testing, documentation, and continuous improvement.
Evaluate and monitor key IT controls, including user access, privileged access, change management, system operations, backup and recovery, and system development lifecycle (SDLC).
Coordinate IT SOX compliance activities and serve as the primary liaison with internal and external auditors.
Identify control deficiencies, recommend practical remediation plans, and track corrective actions through completion.
Perform IT risk assessments and provide recommendations to strengthen governance and reduce technology risk.
Develop and maintain IT policies, standards, and procedures aligned with SOX, COBIT, ITIL, COSO, and NIST frameworks.
Partner with IT leadership on major technology initiatives to ensure appropriate controls are incorporated into system implementations and operational processes.
Prepare and present audit findings, risk assessments, and compliance metrics to leadership.
Qualifications
Bachelor's degree in Information Systems, Accounting, Computer Science, MIS, or related field.
8+ years of experience in IT Audit, IT Risk, IT Compliance, or Information Security, including 3+ years in a leadership role.
Strong knowledge of SOX 404, IT General Controls, COBIT, ITIL, COSO, and NIST.
Experience auditing enterprise applications, ERP systems, identity and access management, cloud technologies, and infrastructure controls.
Professional certifications such as CISA, CIA, CISSP, CPA, or CRISC are preferred.
Preferred Experience
Consumer Packaged Goods (CPG) or manufacturing industry experience.
ERP implementations or migrations (Infor LN, SAP, Oracle, or Microsoft Dynamics).
Experience with ServiceNow governance, cybersecurity compliance, and business transformation initiatives.