• SOX IT Manager

    Job Locations
    US-CA-San Francisco
  • Overview

    The Sarbanes-Oxley (SOX) IT Manager is responsible for leading the IT-related components of the SOX Program and continually helping enhance the program to keep up with the dynamic growth of the Bank. Responsibilities include leading the SOX IT team and completion of the SOX IT risk assessment, fraud risk assessment, determining IT in-scope systems and applications, and managing the IT team in the completion of IT walkthroughs and controls testing (e.g. ITGCs, ITACs), while also closely coordinating IT SOX-related activities with the Bank’s external auditors.


    The SOX IT Manager will work closely with business unit SOX Liaisons to ensure that Internal Controls Over Financial Reporting (ICOFR) are appropriately designed and are operating effectively, that SOX-compliant control documentation is maintained, and that any IT ICOFR deficiencies are assessed for severity, remediated, and reported to the SOX Reporting Committee. In addition, the SOX IT Manager will be an important stakeholder in implementations related to new systems and new accounting standards, assessing their impact on SOX / ICOFR and acting in the role of business advisor.


    The SOX IT Manager will report to the Vice President, SOX Program and will work with a mix of direct, indirect and co-sourced team members to manage the process. The IT Manager will also actively participate in decision-making related to the SOX Program.



    • Work closely with the VP, SOX Program, and the SOX Business Process Manager in completing the annual SOX scoping and risk assessment(s), as well as support the Fraud Risk Assessment to ensure compliance with COSO standards and appropriate scoping and coverage of the SOX Program.
    • Coordinate with the IT SOX Liaison(s) as related to IT SOX activities, including walkthroughs, testing, and remediation activities.
    • Lead IT SOX testing with the identification and documentation of IT SOX Controls in coordination with the SOX Business Process Manager, and assist the business in enhancing their documentation.
    • Assess IT ICOFR deficiencies and monitor IT remediation activities. Conclude on the effectiveness of IT ICOFR.
    • Work closely with the Bank’s Vendor Management group and SOX Liaisons to help identify End User Controls and SOC-1 report reviews.
    • Work closely with the external auditors to ensure the SOX Program meets their requirements in terms of scope, timing and approach; be a key contact for the external auditors related to IT matters.
    • Support the VP, SOX Program in the preparation of IT-related materials for the SOX Reporting Committee.
    • Ensure the overall quality, consistency, risk management and adherence to the Corporate SOX Policy.
    • Support the team as a Subject Matter Expert on IT SOX, COSO, ICOFR, for the continuous enhancement of the Program with the potential implementation of a SOX workflow application to automate reporting and systematically connect workpapers.
    • Work with the Business Process Manager to perform assessment(s) of SOX impact of new initiatives, including system implementations.
    • Assist in recruiting, developing and mentoring staff, including career-counseling support by sharing information among the SOX Program Office team, transferring knowledge and providing instructions/guidance as appropriate. Foster and maintain group spirit and high team morale.
    • Be viewed as a leader, management consultant and internal controls expert as part of building and maintaining ongoing relationships with business units.
    • Responsibilities also include the following: 1) adhering to and complying with all applicable federal and state laws, regulations and guidance, including those related to Anti-Money Laundering (e.g. Bank Secrecy Act, USA PATRIOT Act), 2) adhering to Bank policies and procedures, 3) completing required training, 4) identifying and reporting potential suspicious activity to the BSA/AML Officer, and 5) knowing and verifying the identity of any customer(s) that enters into a relationship with the Bank.

    DISCLAIMER: Critical features of this job are described under the items above. They may be subject to change at any time due to reasonable accommodation or other reasons. This job description reflects management’s assignment of essential functions; it does not prescribe or restrict the tasks that may be assigned. Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.



    • 7+ years of IT SOX related experience (with 5+ years in a supervisory role).
    • Prefer banking and/or financial services experience primarily focused in IT SOX or internal audit, enterprise-wide risk management and ICOFR controls. Should also have in-depth knowledge focused on ITGCs, ITACs, COSO Framework, and baseline understanding of business process controls consulting.
    • Big 4 Accounting Firm experience is preferred.
    • Ability to define deliverables, build budgets and project plans, align resources and specialists for project teams.
    • Demonstrated project management skills and organizing ability with successful experience in concurrently managing multiple projects at varying levels of technical difficulty.
    • Strong teamwork, analytical, and communication skills.
    • Professional certification(s), such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), CPA, CFA, CIA and/or PMP are preferred.

