Manager, SOX

About Us

Founded in 1992 in Dover, NH, Planet Fitness is one of the largest and fastest-growing franchisors and operators of fitness centers in the United States by number of members and locations. We have over 2,700+ stores in 50 states, the District of Columbia, Puerto Rico, Canada, Panama, Mexico, Spain, and Australia. 90% of Planet Fitness stores are owned and operated by independent franchisees.

At Planet Fitness, our unique mission has always been to enhance people's lives by providing a high-quality fitness experience in a welcoming, non-intimidating environment. And we're proud of the amazing Planet Fitness team that supports our clubs and team members. They are comprised of dynamic, dedicated, and talented individuals who represent our values of integrity, transparency, passion, respect, and excellence (while having fun!)

in everything they do.

Joining the PF family means being part of a company that cares about bettering the health and wellbeing of our communities. It means being a part of a supportive, engaging workforce with an inclusive culture that values diversity and creates an environment where everyone can feel they belong. It means encouraging professional growth and development. It means making true, lasting connections with your co-workers with celebrations, team building activities and engaging corporate events!

It means creating a positive impact in our local communities through our Judgement Free Generation philanthropic initiative. It means being part of a brand that you can be proud of!

For the past 30 years, we've helped millions of people in their fitness journey and revolutionized the industry along the way. And we're just getting started!

Overview

The Manager, SOX's primary responsibility will be to lead and continually improve the Company's Sarbanes-Oxley (SOX) compliance program, ensuring the design, operation, and audit readiness of information technology related internal controls over financial reporting (ICFR), while partnering closely with Finance, Information Technology ("IT"), Internal Audit and Information Security. The Manager, SOX will work in close collaboration with Security Operations to assess security-related controls and incidents as they relate to SOX requirements.

This person will also work on and improve other compliance programs which include GDPR, PCI, and other privacy compliance regulations as time permits.

This role is expected to work our hybrid schedule out of the Hampton, NH office or future Boston, MA office.

Responsibilities

SOX Program Ownership & Governance

* Own the end-to-end SOX compliance program for IT, including scoping, risk assessment, control design, testing, remediation, and reporting.

* Lead annual SOX planning and quarterly execution, ensuring timely completion of support required for Internal Audit testing, management certifications and external reporting.

* Ensure compliance with SOX Section 404, COSO framework, and PCAOB standards.

* Prepare, review, and maintain SOX risk and control documentation, including, flowcharts and periodic evidence of control performance.

* Manage all incremental Internal and External Audit testing evidence requests.

Internal Controls & Risk Management

* Participate in External Audit led IT process and control walkthroughs to evaluate the effective design of IT general controls.

* Ensure timely and accurate evidence of operating effectiveness of key IT General Controls including access management, change management, system monitoring, and data integrity controls is completed by the respective IT control preparers and reviewers.

* Participate in joint testing, with External and Internal Audit, of key application controls and system generated reports used in the performance of the Company's key business process and IT general controls.

* Identify control gaps, deficiencies, and emerging risks; partner with control owners and Internal Audit to define, document, and track remediation plans.

* Assess the SOX impact of business and technology changes, including new systems, international expansion, franchise growth, organizational changes, and acquisitions.

* For all key technology vendors, ensure appropriate System and Organization Controls ("SOC") audits are performed and SOC audit reports are reviewed for any deficiencies and mapping of Complementary User Entity Controls (CUECs) to effective controls in the Company's overall SOX program.

Information Security Partnership

* Partner closely with Information Security and Security Operations to understand the design and operation of security controls relevant to SOX, including user access, logging, monitoring, and incident response processes.

* Assess the SOX and ICFR impact of security incidents in collaboration with SECOPS, including evaluating whether incidents represent control deficiencies or require remediation or audit disclosure.

* Coordinate the collection and evaluation of security-related evidence required for SOX testing, while maintaining independence from day-to-day…