Sarbanes Oxley (SOX) IT Compliance Supervisor

Overview

The SOX IT Supervisor is responsible for leading the design, execution, monitoring, and continuous improvement of ABM’s IT General Controls (ITGC) program in support of Sarbanes-Oxley (SOX) compliance. This role sits within the Information Security GRC function and partners closely with Internal Audit, external auditors, and technology stakeholders to ensure the effectiveness of IT controls across enterprise systems and platforms.

The Supervisor will provide oversight of control testing, deficiency evaluation, remediation tracking, and IT technology executive reporting. The ideal candidate combines strong technical knowledge of ITGC domains with leadership capability and the ability to operate effectively in a complex environment. 

ABM offers a comprehensive benefits package.  For information about ABM’s benefits, visit:

Recruiting Flyer - Staff & Mgmt

Responsibilities

• Lead and oversee the IT General Controls (ITGC) program to ensure SOX compliance across enterprise systems.
• Supervise and develop two IT SOX Analysts: review testing, documentation, and conclusions for quality and consistency.
• Coordinate ITGC risk assessments, control documentation, walkthroughs, and testing activities.
• Evaluate control design and operating effectiveness across access management, change management, and IT operations.
• Identify control deficiencies, assess risk impact, and drive remediation planning with technology stakeholders.
• Track and report on remediation progress; validate corrective actions and escalate risks as needed.
• Serve as primary liaison with Internal Audit and external auditors for IT SOX-related activities.
• Prepare executive-ready reporting on control performance, deficiencies, and compliance status.
• Support continuous improvement initiatives to enhance control effectiveness, automation, and overall control maturity.
• Identify strengths and weaknesses in team members and provide training to improve skills and knowledge.
• Remain current with emerging trends in SOX compliance and share knowledge with colleagues. 

Qualifications

Education: 

• Bachelor’s degree in Information Systems, Computer Science, Accounting, Business, or related field.

Experience: 

• 6+ years of experience in IT audit, IT risk management, IT compliance, or information security governance.
• 3+ years of direct experience supporting SOX IT General Controls (ITGC), including control design and operating effectiveness testing.
• Strong knowledge of ITGC domains, including logical access, change management, and IT operations.
• Experience working within a publicly traded organization.
• Demonstrated experience leading, mentoring, or supervising team members.
• Experience partnering with Internal Audit and supporting external audit engagements.

• Strong written and verbal communication skills, including experience preparing executive-level reporting.

   

Licenses: 

Preferable, but not required CRISC, CISA, CIA CISSP or equivalent.

Education:

• Bachelor’s degree in Information Systems, Computer Science, Accounting, Business, or related field.

   

Experience:

• Three to Six-plus years’ experience in IT audit, SOX ITGC documentation and testing. 

Other:

• Familiarity with ERP systems such as SAP, Oracle, or Workday.
• Experience with GRC platforms (e.g., Navix, AuditBoard).
• Working knowledge of identity and access management (IAM), privileged access management (PAM), and cybersecurity control frameworks.
• Experience supporting automated controls and IT-dependent manual controls.
• Exposure to cloud environments (AWS, Azure, GCP) and related ITGC considerations.
• Strong written and oral communication skills across varying levels of the organization.
• Excellent judgment and the ability to make quick decisions when working with complex situations.
• Organized, with the ability to prioritize and respond within defined SLAs.
• Generally familiar with one or more but not limited to: PCI, FFIEC, SOX, HIPAA, GDPR, CCPA and GLBA.
• Preferably some experience with Microsoft Azure or Oracle Cloud environments. 
• Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
• High degree of integrity, trustworthiness, professionalism and character.

Licenses:

Preferable, but not required CRISC, CISA, CIA CISSP or equivalent.

Working Environment and Travel Requirements:

•    Corporate office environment.  4 days a week in the office.