Information Technology Risk Manager

The Manager, IT Risk & Controls will play a key role in strengthening and maintaining the organization's internal control environment, with a primary focus on technology-related risks and controls supporting financial reporting and critical business systems.

Reporting to senior leadership within Risk & Controls, this individual will help design, implement, and monitor a scalable and sustainable IT controls framework within a decentralized operating model. The position will partner closely with IT, Finance, external audit resources, and third-party service providers to ensure controls are appropriately designed, documented, tested, and operating effectively. The role is primarily an individual contributor position with support from external audit and advisory partners.

This position will focus heavily on IT risk management, SOX compliance, and Internal Control over Financial Reporting (ICFR), while also contributing to broader governance, risk, and compliance initiatives.

• Support the design, implementation, and ongoing monitoring of the organization's IT controls framework across multiple business units.
• Promote consistency in control design, documentation, and execution across corporate and operational functions.
• Maintain oversight of IT General Controls (ITGCs), including:
  • User access management
  • Change management
  • IT operations
• Provide guidance on automated controls and IT-dependent manual controls that impact financial reporting.
• Participate in risk assessments to identify in-scope systems, infrastructure, and related technology risks.
• Perform and coordinate testing of IT controls, partnering with external audit and advisory resources as needed.
• Ensure controls documentation and supporting evidence are complete and maintained consistently.
• Identify opportunities to enhance the overall control environment and reduce risk.
• Assist with broader internal audit, compliance, and risk management activities.

• Provide IT risk and controls guidance during system implementations, upgrades, and integrations.
• Help ensure appropriate controls are embedded within new business processes and technology solutions.
• Assess risks associated with emerging technologies, including automation, artificial intelligence, and data integration initiatives, while supporting effective governance and control design.
• Identify and evaluate IT control deficiencies and related risks.
• Partner with business and technology stakeholders to develop and monitor remediation plans.
• Validate corrective actions and confirm sustainable control effectiveness.

• Serve as a primary point of contact for IT controls-related audit activities.
• Coordinate testing strategies to improve audit efficiency and minimize duplication of effort.
• Contribute to management reporting and governance-related presentations.

• Support special projects and strategic initiatives as assigned by leadership.
• Assist with evolving compliance and risk management programs as the organization continues to mature.

• 5+ years of experience in IT audit, IT risk management, internal audit, SOX compliance, or a related field.
• Bachelor's degree in Information Systems, Accounting, Finance, Business, or a related discipline.
• Professional certifications such as CISA, CPA, CIA, or similar are preferred.
• Strong understanding of:
  • IT General Controls (ITGCs)
  • COSO framework
  • ERP environments and supporting technologies
• Ability to communicate technical concepts to non-technical stakeholders.
• Experience supporting public company compliance requirements preferred.
• Background working within complex, multi-entity, or decentralized organizations preferred.
• Manufacturing, industrial, or operations-focused industry experience preferred.
• Strong communication, organizational, project management, and stakeholder management skills.