Manager, IT SOX Compliance & Risk

Genesys empowers organizations of all sizes to improve loyalty and business outcomes by creating the best experiences for their customers and employees. Through Genesys Cloud, the AI-powered Experience Orchestration platform, organizations can accelerate growth by delivering empathetic, personalized experiences at scale to drive customer loyalty, workforce engagement, efficiency and operational improvements.

We employ more than 6,000 people across the globe who embrace empathy and cultivate collaboration to succeed. And, while we offer great benefits and perks like larger tech companies, our employees have the independence to make a larger impact on the company and take ownership of their work. Join the team and create the future of customer experience together.

Summary

As an IT SOX Compliance & Risk Manager at Genesys, you will play a key role in supporting the organization's IT Sarbanes-Oxley (SOX) compliance program by helping maintain effective IT General Controls (ITGCs), automated controls, and IT-dependent manual controls across critical business systems. You will partner closely with Technology, Security, Finance, Internal Audit, and external auditors to support compliance activities, assess technology risks, review third-party controls, and strengthen the overall control environment.

This role requires strong knowledge of SOX compliance, IT governance, cloud technologies, cybersecurity controls, third-party risk management, and risk management practices, along with the ability to collaborate effectively across cross-functional teams to drive compliance, operational excellence, and continuous improvement.

Key Responsibilities

• Manage IT SOX compliance activities and execution of the SOX program to support compliance with SOX Section 404 requirements and organizational objectives.
• Lead annual SOX scoping, risk assessments, control design evaluations, testing activities, and remediation efforts while partnering with business and technology stakeholders to strengthen the overall control environment across IT General Controls (ITGCs), automated controls, and IT-dependent manual controls.
• Oversee logical access governance activities, including user provisioning and deprovisioning, access reviews, privileged access management, segregation of duties, and identity governance processes.
• Assess risks and controls related to software development lifecycle (SDLC), change management, DevOps processes, source code repositories, and cloud deployment activities.
• Lead third-party compliance and technology risk assessments through the review of SOC reports, evaluation of vendor controls, identification of control gaps, and coordination of remediation activities.
• Lead cross-functional coordination with Internal Audit, External Audit, Security, Engineering, Finance, and business process owners to drive compliance objectives, audit readiness, and remediation outcomes.
• Provide guidance on IT governance, risk, and control frameworks (COSO, COBIT, NIST), conduct technology risk assessments, and monitor emerging cybersecurity and regulatory risks to strengthen the compliance program.
• Evaluate the impact of system implementations, cloud migrations, organizational changes, and technology initiatives on the SOX control environment and associated technology risks.
• Develop and maintain compliance documentation, risk assessments, remediation plans, metrics, and management reporting to support audit readiness and stakeholder communication.
• Leverage data analytics, automation, and continuous monitoring techniques to improve control effectiveness, testing efficiency, audit readiness, and compliance reporting.
• Lead compliance program planning activities, including annual testing strategies, compliance testing schedules, resource allocation, project prioritization, and execution oversight for SOX compliance and technology risk initiatives.
• Evaluate compliance and technology risk issues, determine risk severity and business impact, establish remediation priorities, provide risk-based recommendations to management, and escalate significant control deficiencies and risks to leadership as appropriate.
• Monitor remediation activities, track progress against established milestones, and drive timely resolution of control deficiencies through collaboration with control owners and technology stakeholders.
• Provide day-to-day leadership, coaching, and work prioritization for compliance analysts, contractors, or cross-functional compliance resources supporting SOX and technology risk initiatives.
• Develop and present compliance metrics, program status updates, risk trends, audit results, and remediation progress reports to senior leadership and key stakeholders.
• Provide compliance guidance, training, and awareness programs to technology teams, control owners, and stakeholders to support effective control execution and risk management practices.
• Drive continuous improvement initiatives to enhance the effectiveness, efficiency, and maturity of the SOX compliance and technology risk management program.

Qualifications

• Bachelor's degree in Information Systems, Information Technology, Computer Science, Accounting, Finance, or a related field.
• Experience leading teams, mentoring professionals, or coordinating the work of analysts, consultants, or contractors in compliance, audit, or risk management environment.
• Professional certifications such as CISA, CRISC, CISSP, CPA, or equivalent preferred.
• 5 to 8+ years of experience in IT audit, SOX compliance, IT risk management, cybersecurity governance, or related disciplines.
• Experience supporting SOX programs within a public company, SaaS organization, or consulting environment.
• Strong understanding of SOX Section 404, COSO, COBIT, NIST, and IT governance frameworks.
• Experience assessing and testing IT General Controls (ITGCs), automated controls, and IT-dependent manual controls.
• Experience evaluating logical access controls, user access reviews, privileged access management, change management, and SDLC controls.
• Experience reviewing SOC 1 reports, evaluating complementary user entity controls (CUECs), and assessing third-party risks within a SOX compliance environment.
• Familiarity with enterprise technologies such as Salesforce, Oracle Fusion Cloud, ServiceNow, GitHub, AWS, Azure, Workday, Okta, Active Directory, and identity governance platforms such as SailPoint or Saviynt.
• Knowledge of cloud security concepts, cybersecurity governance practices, third-party risk management, and technology risk management principles.
• Experience utilizing GRC platforms and workflow tools such as ServiceNow, AuditBoard, Workiva, Archer, or similar solutions.
• Experience supporting internal and external audit engagements, issue remediation efforts, and control optimization initiatives.
• Strong analytical, organizational, and project management skills with the ability to manage multiple priorities effectively.
• Excellent communication and interpersonal skills with the ability to collaborate across technical and non-technical teams.
• Ability to influence stakeholders, build relationships, and support cross-functional initiatives in a dynamic environment.

Preferred Qualifications

• Experience working within a cloud-based SaaS environment.
• Familiarity with identity governance, access certification, privileged access management, and compliance automation initiatives.
• Experience supporting enterprise system implementations, cloud migrations, or technology transformation programs.
• Experience leveraging data analytics, continuous monitoring, or automation solutions within compliance and audit programs.
• Understanding of emerging technology risks, cybersecurity frameworks, cloud governance best practices, and vendor risk management processes.

Compensation:

This role has a market-competitive salary with an anticipated base compensation range listed below. Actual salaries will vary depending on a candidate’s experience, qualifications, skills, and location. This role might also be eligible for a commission or performance-based bonus opportunities.  

Benefits:

• Medical, Dental, and Vision Insurance. 

• Telehealth coverage

• Flexible work schedules and work from home opportunities

• Development and career growth opportunities

• Open Time Off in addition to 10 paid holidays

• 401(k) matching program

• Adoption Assistance

• Fertility treatments

Click here to view a summary overview of our Benefits.

If a Genesys employee referred you, please use the link they sent you to apply.

About Genesys:

Genesys® empowers more than 8,000 organizations worldwide to create the best customer and employee experiences. With agentic AI at its core, Genesys Cloud™ is the AI-Powered Experience Orchestration platform that connects people, systems, data and AI across the enterprise. As a result, organizations can drive customer loyalty, growth and retention while increasing operational efficiency and teamwork across human and AI workforces. To learn more, visit www.genesys.com.

Reasonable Accommodations:

If you require a reasonable accommodation to complete any part of the application process, or are limited in your ability to access or use this online application and need an alternative method for applying, you or someone you know may contact us at [email protected].

You can expect a response within 24–48 hours. To help us provide the best support, click the email link above to open a pre-filled message and complete the requested information before sending. If you have any questions, please include them in your email.

This email is intended to support job seekers requesting accommodations. Messages unrelated to accommodation—such as application follow-ups or resume submissions—may not receive a response.

Genesys is an equal opportunity employer committed to fairness in the workplace. We evaluate qualified applicants without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, marital status, domestic partner status, national origin, genetics, disability, military and veteran status, and other protected characteristics.

Please note that recruiters will never ask for sensitive personal or financial information during the application phase.