Risk and Control Manager IT SOX, GFRC

Are you excited about driving SOX compliance in a fast paced dynamic tech-forward environment Come join our Global Financial Risk and Controls (GFRC) controls team to lead the IT SOX program.

GFRC oversees internal controls over financial reporting subsidiary compliance internal controls readiness process improvements and other enterprise compliance activities. We are a subject matter expertise team that builds designs and consults with control owners across the enterprise. This role will require a deep understanding and experience with all aspects of internal controls including financial information technology systems for a complex high-growth stage multi-disciplinary organization.

We are currently looking for experienced candidates who have held similar positions in large public companies or who have held a similar position within the advisory practice of a Big 4 public accounting firm serving Fortune 500 clients for 8 years. Requirements for this position also include a deep knowledge the COSO 2013 framework and SEC/PCAOB regulations as well as the demonstrated ability to design and monitor an effective global risk-based internal control environment. Additionally demonstrated experience in working collaboratively to accomplish challenges will be expected as this is an ongoing requirement for this position.

Key job responsibilities
IT SOX Program Management
Executing on IT SOX controls strategies including maintaining and improving program policies and procedures
Contributing to deep dives on IT process areas to define the set of risks and controls in addressing financial reporting risk
Driving continuous improvement of the IT SOX program through risk assessment updates methodology enhancements and process optimization
Supporting the quarterly 302 sub-certification process and related reporting
Assisting in the evaluation of identified control deficiencies and monitoring of remediation efforts

Company-Wide Initiatives
Supporting company-wide initiatives that impact ITGC control design and implementation
Assisting with system implementation and migration and respective SDLC controls
Evaluating control implications for enterprise-wide technology transformations platform consolidations and new system launches
Partnering with cross-functional teams to ensure ITGC requirements are embedded into large-scale organizational programs

IT SOX Control Consultation (Design & Implementation)
Driving control design and implementation with engineering business and accounting teams
Providing ongoing support to process owners/control owners and cross-functional teams to ensure controls are designed and implemented effectively
Advising engineering teams on ITGC requirements for access management change management and IT operations controls
Consulting on control solutions that balance compliance requirements with operational efficiency and scalability

External Auditor Management
Managing auditor inquiries and facilitating timely resolution of identified findings
Maintaining ongoing relationships with external audit teams to proactively address emerging IT control concerns

About the team
GFRC teams key purpose is to preserve Amazons financial reputation by promoting strong controllership that supports internal controls over financial reporting (ICFR) designed to provide reasonable assurance that Amazons consolidated and statutory financial statements are complete and accurate. We partner closely with our global customers to identify and mitigate key financial reporting risks to achieve the companys control objectives. We do this by maintaining the overall ICFR framework in the GRC platform and supporting the teams responsible for designing documenting executing and assessing their processes systems and controls in their respective business environments.

- 5 years of compliance audit or risk management experience
- Bachelors degree or equivalent

- Masters degree or equivalent
- Deep knowledge of IT general controls (ITGCs) including access management change management and IT operations
- Experience with IT SOX scoping risk assessment control design testing and remediation
- Understanding of the COSO 2013 framework and SEC/PCAOB regulations as they relate to IT controls
- Familiarity with ERP systems databases and IT infrastructure relevant to financial reporting
- Experience working with GRC platforms and audit management tools
- Strong understanding of SDLC controls and system implementation lifecycle
- Excellent written and verbal communication skills

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience qualifications and location. Amazon also offers comprehensive benefits including health insurance (medical dental vision prescription Basic Life & AD&D insurance and option for Supplemental life plans EAP Mental Health Support Medical Advice Line Flexible Spending Accounts Adoption and Surrogacy Reimbursement coverage) 401(k) matching paid time off and parental leave. Learn more about our benefits at OR Portland - 121200.00 - 163900.00 USD annually
USA TX Austin - 121200.00 - 163900.00 USD annually
USA VA Arlington - 121200.00 - 163900.00 USD annually
USA WA Seattle - 121200.00 - 163900.00 USD annually