IT Manager - SOX Audit & Compliance

Job ID: 525836

Ash Grove family of companies is one of North America’s leading cement manufacturers, with a legacy of innovation and excellence dating back to 1882. The company operates 12 world-class cement plants and a vast network of 41 terminals across the United States and Canada. Renowned for its forward-thinking approach, Ash Grove combines technical expertise, robust safety standards, and empowered talent to deliver high performance and better serve our customers. At Ash Grove, we stand together to reinvent the way our world is built.

To learn more about us go to www.ashgrove.com 

At Ash Grove Cement, people are our first priority. We offer a complete benefits package to include:  

Company Benefits: 

• Family Culture – We treat our team like family 
• Medical/Dental/Vision/Prescription 
• Generous Paid Time Off 
• 11 Paid Holidays per year 
• 401k with 5% company match & profit sharing  
• Opportunities for Internal Mobility 
• Professional Development Opportunities 
• Training Provided 
• Tuition Reimbursement Program - We'll assist with continuing education that aligns with your career goals 
• Employee Assistance Program 
• Company Paid Life Insurance 
• Short- & Long-Term Disability 
• Company Discounts on products, goods, services, electronics, automotive, travel & more! 
• Opportunities for Community Engagement 
• Potential Relocation Packages

Summary:

The IT Manager - SOX, Audit, and Compliance designs, implements, and oversees the ongoing operating effectiveness of the company’s IT compliance program. The position leads all IT Sarbanes-Oxley (SOX) compliance activities, manages the full IT audit lifecycle for internal and external audits, and drives continuous improvement of IT General Controls (ITGCs) and IT Application Controls (ITACs) across the enterprise. This position serves as the primary liaison between IT, internal audit, external auditors, finance, and business stakeholders — ensuring the organization maintains the highest standards of data integrity, financial compliance, and IT control. The IT Manager - SOX, Audit and Compliance position also provides proactive advisory support on control design for new system implementations, ERP changes, and cloud migrations, embedding compliance-by-design across the technology landscape.

What you’ll be contributing: 

• Promote and follow all plant safety guidelines. 
• Own and manage the end-to-end IT SOX compliance program, including annual risk assessments, scoping, control mapping, and documentation of Risk and Control Matrices (RCMs) and process narratives for all in-scope systems
• Identify, assess, and test IT General Controls (ITGCs) covering logical access, change management, computer operations, and data backup/recovery across complex ERP and business-critical applications
• Identify and assess IT Application Controls (ITACs) for in-scope financial systems, including ERP platforms and supporting reporting tools
• Review and refresh the annual SOX scope; identify opportunities for control rationalization, automation, and testing approach improvements
• Partner with control owners to maintain and update process narratives, flowcharts, and standard operating procedures annually and following control changes
• Serve as the primary point of contact and liaison between IT and internal/external auditors for all IT audit and compliance activities
• Coordinate and facilitate audit walkthroughs, evidence collection, control testing, and stakeholder interviews across all audit cycles
• Manage external audit requests in a timely and organized manner; track and report on audit deliverable status to IT and finance leadership
• Align SOX testing approach and expectations with external auditors and control owners to ensure consistency with PCAOB standards and industry best practices
• Evaluate ITGCs and ITACs against applicable regulatory frameworks, including SOX/COSO, COBIT, NIST CSF, and ISO 27001; identify control gaps and design risk-based mitigation strategies
• Research and assess control deficiencies; collaborate with management and process owners to design practical remediation plans and track progress through to verified resolution
• Monitor emerging regulatory changes (SOX, HIPAA, GDPR, CCPA, state-level data privacy) and assess the impact on the IT control environment
• Maintain a current, comprehensive inventory of IT controls, compliance activities, deficiency status, and remediation tracking; deliver regular reporting to IT and executive leadership
• Partner with IT project teams, application owners, and engineering to provide proactive, risk-based guidance on control design for new system deployments, ERP upgrades, application changes, and cloud migrations
• Review and advise on IT change management, access provisioning, and security configuration for new platforms before go-live to ensure SOX and compliance requirements are embedded by design
• Serve as the IT compliance subject matter expert on cross-functional initiatives involving finance, accounting, and operations technology
• Develop, implement, and maintain IT compliance policies and procedures aligned with SOX, applicable regulations, and organizational risk appetite
• Design and deliver targeted compliance training and awareness programs for IT staff, control owners, and other stakeholders
• Maintain clear, accurate, and audit-ready documentation of IT controls, policies, testing results, and audit findings at all times
• Leverage GRC tools (e.g., AuditBoard, Workiva) and data analytics to enhance control monitoring, automate evidence collection, and improve audit efficiency
• Identify and implement opportunities to modernize the IT compliance program through tooling, scripting, and workflow improvements
• Benchmark the company’s IT compliance program against industry peers and leading practices; recommend enhancements to the Director
• Additional duties as assigned by supervisor 

To succeed in this position, you will need:

• Ability to read, write and understand warning labels, instructions, signs, etc. 
• Minimum 4 Year / Bachelor's Degree in information technology, management information systems (MIS), computer science, accounting or a related field. 
• Minimum 5 years of progressive experience in in IT SOX compliance, IT audit, IT risk managment, or a combined IT audit capacity. Hands-on experience with ERP platforms used in industrial and manufacturing environments — specifically JD Edwards (EnterpriseOne), SAP S/4HANA or ECC, or Oracle Fusion — including knowledge of their ITGC and ITAC control structures. Experience with cloud infrastructure security and controls in AWS or Azure environments, particularly for SOX in-scope applications. Working knowledge of database platforms (SQL Server, Oracle) and operating systems (Windows Server, Linux/UNIX) from a controls and audit perspective. Experience with data analytics tools (Power BI, ACL/Galvanize, Tableau) for audit testing and continuous monitoring. Experience in manufacturing, building materials, cement, or heavy industrial IT environments. PMP certification or demonstrated project management experience supporting compliance program delivery.
• Demonstrated hands-on experience assessing and testing ITGCs and ITACs for complex ERP and enterprise applications in support of SOX 404 audits
• Direct experience coordinating with external auditors (including Big 4 firms) and supporting PCAOB-compliant SOX testing programs
• Strong working knowledge of IT governance and compliance frameworks: SOX/COSO, COBIT, NIST CSF, and/or ISO 27001
• Experience with GRC or audit management platforms (AuditBoard, ServiceNow, Workiva, or equivalent)
• Excellent verbal and written communication skills; ability to present technical findings clearly to non-technical stakeholders and senior leadership
• Ability to work independently and collaboratively, manage multiple concurrent workstreams, and meet strict audit deadlines
• Domestic travel up to 25%

Compensation:

• Compensation: $125,100.00 - $152,900.00 USD
• Eligible for yearly bonus 

What’s next for you? 

We provide stability and advancement opportunities across North America. Use our tuition reimbursement program to help you meet your career goals.

The above duties and responsibilities are representative of the nature and level of work assigned and are not necessarily all-inclusive. The physical demands, working environment, and other conditions of employment listed in this document are representative of but are not intended to provide an exhaustive list of the requirements for positions in this classification. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.  

What CRH Offers You

• Highly competitive base pay
• Comprehensive medical, dental and disability benefits programs
• Group retirement savings program
• Health and wellness programs
• An inclusive culture that values opportunity for growth, development, and internal promotion

About CRH

CRH has a long and proud heritage. We are a collection of hundreds of family businesses, regional companies and large enterprises that together form the CRH family. CRH operates in a decentralized, diversified structure that allows you to work in a small company environment while having the career opportunities of a large international organization.

If you’re up for a rewarding challenge, we invite you to take the first step and apply today! Once you click apply now, you will be brought to our official employment application. Please complete your online profile and it will be sent to the hiring manager. Our system allows you to view and track your status 24 hours a day. Thank you for your interest!

Ash Grove Cement, a CRH Company, is an Affirmative Action and Equal Opportunity Employer.

EOE/Vet/Disability