Manager, SOX

Planet Fitness
Hampton, NH
Hybrid

About The Position

The Manager, SOX’s primary responsibility will be to lead and continually improve the Company’s Sarbanes-Oxley (SOX) compliance program, ensuring the design, operation, and audit readiness of information technology related internal controls over financial reporting (ICFR), while partnering closely with Finance, Information Technology (“IT”), Internal Audit and Information Security. The Manager, SOX will work in close collaboration with Security Operations to assess security-related controls and incidents as they relate to SOX requirements. This person will also work on and improve other compliance programs which include GDPR, PCI, and other privacy compliance regulations as time permits. This role is expected to work our hybrid schedule out of the Hampton, NH office or future Boston, MA office.

Requirements

  • Bachelor’s degree in Information Systems, Computer Science, Management Information Systems, Accounting, Finance, or related field
  • 5+ years of experience in SOX compliance/Internal Audit in a public company, or IT Audit (Big 4 or another national firm)
  • System implementation experience
  • Strong working knowledge of SOX, ICFR, and COSO framework
  • Experience evaluating control deficiencies (including severity assessment) and leading remediation efforts through closure
  • Experience partnering with internal and external auditors and cross-functional stakeholders
  • Ability to operate effectively in a complex, growth-oriented organization
  • Experience with large ERP or financial systems, including automated controls and system interfaces
  • Strong analytical and problem-solving skills
  • Highly detail-oriented and efficient, with exceptional planning, prioritization, organizational, and project management skills
  • Excellent presentation and communication skills along with the ability to communicate effectively across all levels of the organization
  • Able to establish and maintain effective, collaborative work relationships with diverse individuals, internally and externally
  • Dedicated learner with a natural curiosity for consistent growth
  • Exhibits comfort, ease, and flexibility working in an extremely fast-paced, ever-changing, deadline-driven environment
  • Cooperative team player with an upbeat, positive, “can-do” attitude!
  • Availability to work off-hours and provide on-call support as needed

Nice To Haves

  • Certifications (strongly preferred): CISA, CIA, CPA
  • Hands-on experience managing SOX Section 404(b) compliance, including management assessments and auditor attestation, is a plus
  • Experience with GDPR, PCI, and other data privacy regulations is a plus
  • Background within retail, payment, and e-commerce sectors

Responsibilities

  • SOX Program Ownership & Governance
      • Own the end-to-end SOX compliance program for IT, including scoping, risk assessment, control design, testing, remediation, and reporting.
      • Lead annual SOX planning and quarterly execution, ensuring timely completion of support required for Internal Audit testing, management certifications and external reporting.
      • Ensure compliance with SOX Section 404, COSO framework, and PCAOB standards.
      • Prepare, review, and maintain SOX risk and control documentation, including flowcharts and periodic evidence of control performance.
      • Manage all incremental Internal and External Audit testing evidence requests.
  • Internal Controls & Risk Management
      • Participate in External Audit-led IT process and control walkthroughs to evaluate the effective design of IT general controls.
      • Ensure timely and accurate evidence of operating effectiveness of key IT General Controls, including access management, change management, system monitoring, and data integrity controls, is completed by the respective IT control preparers and reviewers.
      • Participate in joint testing, with External and Internal Audit, of key application controls and system-generated reports used in the performance of the Company’s key business process and IT general controls.
      • Identify control gaps, deficiencies, and emerging risks; partner with control owners and Internal Audit to define, document, and track remediation plans.
      • Assess the SOX impact of business and technology changes, including new systems, international expansion, franchise growth, organizational changes, and acquisitions.
      • For all key technology vendors, ensure appropriate System and Organization Controls (“SOC”) audits are performed and SOC audit reports are reviewed for any deficiencies and mapping of Complementary User Entity Controls (CUECs) to effective controls in the Company’s overall SOX program.
  • Information Security Partnership
      • Partner closely with Information Security and Security Operations to understand the design and operation of security controls relevant to SOX, including user access, logging, monitoring, and incident response processes.
      • Assess the SOX and ICFR impact of security incidents in collaboration with SECOPS, including evaluating whether incidents represent control deficiencies or require remediation or audit disclosure.
      • Coordinate the collection and evaluation of security-related evidence required for SOX testing, while maintaining independence from day-to-day security operations.
  • Audit Management
      • Serve as a primary point of contact for internal and external auditors related to SOX and ICFR matters.
      • Coordinate walkthroughs, testing requests, deficiency evaluations, and remediation follow-ups.
      • Support management in the evaluation and communication of control deficiencies, including severity assessments and remediation status.
  • Process Improvement & Scalability
      • Drive continuous improvement of SOX processes by standardizing controls, reducing redundancy, and leveraging automation where appropriate.
      • Utilize SOX and GRC tools to improve efficiency, transparency, and documentation quality.
      • Stay current on regulatory guidance, SOX best practices, and evolving risks, including those impacting global operations.

Benefits

  • Planet Fitness cares about you and your well-being. We offer a comprehensive benefits package to eligible employees which includes the core medical, dental, vision, life and disability as well as supplemental accident, hospital and critical illness coverage options.
  • In addition, we are proud to offer eligible employees a generous time off program (including volunteer time), childcare reimbursement, paid parental leave, pet care reimbursement, tuition reimbursement, free Black Card membership, learning and development programs and a whole host of engagement activities.
  • We offer a 401(k) Plan with safe harbor employer matching and an employee stock purchase plan.
  • This role is also eligible to participate in an annual corporate bonus incentive program based on company financial and personal performance.