Sr. Manager, IT SOX Risk and Compliance

Be part of an amazing story

Macy's is more than just a store. We're a story. One that's captured the hearts and minds of America for more than 160 years. A story about innovations and traditions...about inspiring stores and irresistible products...about the excitement of the Macy's 4th of July Fireworks, and the wonder of the Thanksgiving Day Parade. We've been part of memorable moments and milestones for countless customers and colleagues. Those stories are part of what makes this such a special place to work.

Job Overview

The Senior Manager, IT SOX Risk & Compliance oversees and executes the Company's internal controls within the Sarbanes-Oxley (SOX) compliance program. Reporting to the Director, GRC, the Senior Manager leads and facilitates control activities for IT General Controls (ITGCs) and critical application controls to ensure compliance with SOX Section 404 and alignment with the COSO internal control framework. The role serves as a key cross-functional partner, collaborating with IT teams, business process owners, Internal Audit, and external auditors to assess risk, evaluate control effectiveness, and remediate deficiencies. The Senior Manager, IT SOX Risk & Compliance also drives continuous improvement of the IT control environment and promotes strong IT governance practices across the organization.

What You Will Do

• Plan, oversee, and manage the testing and monitoring of IT general controls and automated application controls as part of the SOX 404 compliance program. Ensure that IT control scope is appropriate and that key financial reporting risks related to technology and key financial applications (KFAs) are adequately mitigated through effective controls.
• Act as the liaison between IT, Finance, and Audit teams for all SOX IT control matters. Work with control owners and process owners to perform IT risk assessments, define SOX scope for systems and processes, and align on testing schedules and requirements.
• Ensure timely and accurate execution of IT control activities (e.g. user access reviews, change management procedures, SDLC, etc.) are executed properly by control owners and documented timely with sufficient evidence. Maintain comprehensive SOX documentation in Workiva, including RACMs, flowcharts, system diagrams, and control procedures.
• Coordinate with Internal Audit and external auditors on IT control testing, walkthroughs, and data requests. Provide auditors with required information, support management testing (executed by Internal Audit on behalf of management), and help ensure auditors can place reliance on the Company's own evaluation of IT controls where appropriate
• Monitor IT test results and self-assessments to identify design or operating deficiencies. Lead remediation efforts, including root cause analysis, corrective action planning, and verification of remediation effectiveness.
• Provide expertise in designing effective IT controls for new systems, processes, or changes (e.g. system implementations or upgrades). Train and guide control owners on internal control requirements and best practices for ITGCs and application controls, enhancing their understanding and accountability.
• Identify opportunities to strengthen and streamline the IT control environment, including automation and improved monitoring. Promote strong IT governance developing best practice guidelines, facilitating control training sessions, and keeping abreast of emerging IT risks (e.g. cybersecurity threats, Mainframe retirement, etc.) that could impact financial reporting and key financial applications.
• Develop and deliver reporting on control program status, testing progress, issues, and remediation to appropriate leadership ensuring transparency and timely escalation.
• Foster an environment of acceptance and respect that strengthens relationships, and ensures authentic connections with colleagues, customers, and communities.
• In addition to the essential duties mentioned above, other duties may be assigned.

Skills You Will Need

Technical Expertise: Deep knowledge of SOX Section 404, IT risk management principles and IT General Controls (ITGCs) including access, change management and data backup/recovery.
GRC Systems Proficiency: Skilled in using GRC software platforms (e.g., Workiva) to document, monitor, and test controls.
Audit Partnership: Experienced in coordinating with Big Four audit firms, including walkthroughs, testing, and control assessments.
Analytical Skills: Proven ability to assess IT risks, evaluate IT control effectiveness, and identify IT control deficiencies.
Problem-Solving: Strong root cause analysis skills and ability to develop practical remediation plans.
Process Improvement: Ability to identify opportunities for automation, control optimization, and efficiency.
Leadership & Influence: Strong executive presence with ability to influence and guide leaders in a matrixed environment.
Ethical Standards: Demonstrated commitment to compliance, governance, and setting the right organizational tone.
Communication: Excellent written, verbal, and presentation skills with clarity and confidence at all levels.
Collaboration: Skilled at building trust, credibility, and partnerships across Finance, IT, Audit, and business teams.
Coaching & Training: Ability to educate and support control owners on requirements and best practices.
Project Management: Proven ability to manage multiple projects, competing priorities, and deliver results under tight deadlines.
Change Management: Flexible and adaptive work style to drive execution in a fast-paced, dynamic environment.

Who You Are

• Candidates with a Bachelor's degree or equivalent work experience in a related field are encouraged to apply. Master's degree preferred.
• 4+ years of experience in internal controls, SOX compliance, audit (public or internal), or risk management in a public company environment. 3+ years of leadership or management experience in a controls or compliance-focused role.
• Regularly required to sit, talk, hear; use hands/fingers to touch, handle, and feel. Occasionally required to move about the workplace and reach with hands and arms. Requires close vision.
• Able to work a flexible schedule based on department and company needs.

What We Can Offer You

Join a team where work is as rewarding as it is fun! We offer a dynamic, inclusive environment with competitive pay and benefits. Enjoy comprehensive health and wellness coverage and a 401(k) match to invest in your future. Prioritize your well-being with paid time off and eight paid holidays. Grow your career with continuous learning and leadership development. Plus, build community by joining one of our Colleague Resource Groups and make a difference through our volunteer opportunities.

Some additional benefits we offer include:

• Merchandise discounts
• Performance-based incentives
• Annual merit review
• Employee Assistance Program with mental health counseling and legal/financial advice
• Tuition reimbursement

Access the full menu of benefits offerings here.

About Us

This is a great time to join Macy's! Whether you're helping a customer find the perfect gift, streamlining operations in one of our distribution centers, enhancing our online shopping experience, buying in-style and on-trend merchandise to outfit our customers, or designing a balloon for the Thanksgiving Day Parade, we offer unique opportunities to be part of some of the most memorable moments in people's lives.

Join us and help write the next chapter in our story - apply today!

This job description is not all-inclusive. Macy's, Inc. reserves the right to amend this job description at any time. Macy's, Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.

FINANCE00