Technology Controls Governance Jobs (NOW HIRING)

Position Summary

The Manager of Internal Controls - Technology Risk will serve as an expert for IT General Controls (ITGCs), automated controls, systems governance, and technology-enabled ICFR compliance as part of the development and execution of GrubMarket’s Internal Controls & Sarbanes-Oxley (“SOX”) Compliance program. You will help architect and execute GrubMarket’s IT control strategy across a highly decentralized and rapidly expanding technology footprint, which includes both corporate systems and subsidiary entity environments.

This role will be responsible for developing IT controls methodology, supporting SOX readiness, and partnering closely with Engineering, IT Operations, Security, and Finance to ensure technology risks are identified, mitigated, and monitored proactively.

The ideal candidate has deep SOX ITGC experience, strong understanding of system architecture/governance, excellent documentation and communication skills, and the ability to influence without authority across business and technical teams.

What You’ll Do

• Develop and implement the Company’s ITGC and technology-enabled control strategy, aligning with COSO, COBIT, PCAOB standards, and SOX requirements.

• Lead the ITGC evaluation process, including access provisioning, user access reviews, SOD design, privileged access governance, change management, and IT operations.

• Own Design & Implementation (D&I) assessments and documentation for all IT-dependent controls, including automated controls and system-generated reports. Assess systems at Corporate and across DBAs, identify gaps, and design scalable control activities for environments with varying levels of maturity.

• Partner with Engineering and IT Ops to develop governance processes for system changes, deployments, code review, and release management.

• Work cross-functionally to implement SOD standards, access governance, and long-term remediation plans across all key systems, including NetSuite and subsidiary tools.

• Support ERP expansion and system integration initiatives, ensuring that internal controls and audit requirements are embedded in future architecture.

• Document and continuously update RCMs, narratives, process flows, IT risk assessments, and control documentation.

• Collaborate with auditors on walkthroughs, documentation reviews, and independent examination of IT controls.

• Prepare reports and presentations summarizing IT control findings, risks, and remediation progress for senior management and the Audit Committee.

• Develop SOPs, KPIs, and performance dashboards that increase oversight and transparency into IT control performance.

• Mentor and develop junior staff, helping build long-term internal IT controls capability.

• Support special projects, including cyber controls uplift, system consolidations, data governance, and automation initiatives.

What You’ll Bring

• Significant IT audit and ITGC experience from public accounting, consulting, or internal audit.

• Strong command of SOX ITGC requirements, including access management, change management, SOD, and system operations.

• In-depth understanding of COSO, COBIT, PCAOB audit standards, and general IT risk frameworks.

• Ability to evaluate and challenge system configurations, segregation of duties, and user access structures.

• Strong communication skills and ability to translate technical issues into business-focused recommendations.

• Demonstrated experience addressing ITGC deficiencies and building sustainable long-term solutions.

• Strong organizational skills and ability to manage multiple complex initiatives concurrently.

• Experience managing or implementing GRC and access governance tools; familiarity with automation and data analytics is a plus.

Education & Experience

• Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field.

• 6+ years of relevant IT audit/IT risk/SOX experience.

• Professional certifications preferred (CISA, CIA, CPA, CISSP).

• Experience working in complex, acquisition-driven or decentralized environments is strongly preferred.

• Experience with ERP systems, cloud environments, and modern engineering practices.