IT Audit & Compliance Manager
- Sylvamo (Memphis, TN)
Brazil ● Memphis, TN, USA ● Mogi Guaçu, State of São Paulo, Brazil
Req #2389
Wednesday, April 30, 2025
At Sylvamo, we’re a team on a mission. Joining us, you’ll be helping to sustain forests and renew ecosystems, while delivering on the promise of paper to educate, communicate and entertain the world.
Come grow with us!
**Position Summary** :
The **IT Audit & Compliance Manager** is responsible for coordinating and supporting all IT audit compliance activities, including—but not limited to—Sarbanes-Oxley (SOX) requirements. As the central liaison between the IT organization and internal/external auditors, this position ensures that IT controls are designed, documented, and operated in alignment with established audit standards and regulatory obligations.
This role also involves proactive identification of potential risks and implementation of cybersecurity best practices to protect both financial and non-financial systems.
This position ensures that the IT organization maintains ownership of its controls in alignment with Audit standards and requirements. By actively ensuring and safeguarding the efficiency and security of both financial and non-financial IT systems, the IT Audit & Compliance Manager supports a robust control environment that meets regulatory expectations and advances organizational goals.
**Key Responsibilities** :
**Audit Coordination & IT Compliance Liaison** :
+ Act as the primary coordination point within IT for SOX and other IT audit activities, collaborating with both internal and external audit teams.
+ Facilitate communication of IT-specific control requirements, testing schedules, and documentation needs.
+ Ensure IT ownership of controls by providing comprehensive input on design and operation, while aligning with Audit standards and requirements.
**IT Deficiency Coordination & Tracking** :
+ Collaborate with auditors to understand IT-related findings and recommended remediation actions stemming from SOX, cybersecurity, or other audits.
+ Work closely with IT teams to prioritize and complete remediation efforts, ensuring alignment with audit timelines.
+ Partner with Audit, which maintains the central repository of IT-related deficiencies, to help track their status and escalate any risks or delays to relevant leadership.
**Ongoing IT Control Support** :
+ Assist in reviewing and refining IT control documentation based on Audit guidance and regulatory requirements.
+ Monitor changes in IT systems or processes that could impact control design or audit scope, communicating those changes to Audit.
+ Oversee SAP GRC, including monitoring access to sensitive transactions and ensuring compliance with the Firefighter access process, promptly addressing any issues with unauthorized or inappropriate use.
+ Promote a culture of compliance by sharing best practices for effective control operation and documentation throughout IT.
**Proactive Risk Identification & Mitigation** :
+ Continuously assess the IT environment for emerging risks and vulnerabilities, including those outside the traditional financial scope (e.g., new technologies, evolving cyber threats).
+ Develop and recommend preventive measures or process improvements to mitigate identified risks before they materialize into audit issues or security incidents.
+ Lead proactive initiatives that reinforce IT control robustness and reduce the likelihood of non-compliance.
**Cybersecurity Assurance** :
+ Coordinate and conduct internal assessments to ensure that all systems—beyond just financial ones—are adequately protected in line with prior cyber, SOX, and other audit recommendations.
+ Validate that existing IT security measures and controls meet or exceed recommended standards, escalating any gaps or vulnerabilities for remediation.
+ Collaborate with IT security teams to align cybersecurity efforts with SOX and other regulatory frameworks, ensuring holistic protection and compliance.
**Policies, Procedures, and Documentation** :
+ Collaborate with IT stakeholders to develop, update, and maintain clear, consistent policies and procedures for all IT compliance requirements.
+ Ensure documentation standards meet Audit expectations and accurately reflect current operations.
+ Support business process owners in understanding how changes to IT systems or processes affect documented controls.
**Training and Awareness** :
+ Develop and deliver training programs to help IT staff and business stakeholders understand IT-related audit requirements and their roles in control execution.
+ Promote awareness campaigns on IT compliance and cybersecurity best practices.
**Stakeholder Management** :
+ Partner with IT leadership, business unit leaders, and functional teams to embed IT-related audit considerations (including SOX) into strategic and operational decisions.
+ Ensure that compliance priorities are well understood and adequately resourced across the organization.
**Metrics and Reporting** :
+ Define, track, and report on key performance indicators (KPIs) and key risk indicators (KRIs) related to the IT control environment (e.g., number of open deficiencies, audit testing coverage).
+ Provide regular updates to management and ITLT on the status of IT controls, remediation efforts, and cybersecurity initiatives.
**Systems and Tools** :
+ Collaborate with Audit to oversee or assist with tools and software that support IT control documentation, testing, and reporting.
+ Advocate for technology solutions that streamline compliance and strengthen the IT control environment.
**Required Skills and Knowledge** :
+ For an IT Audit & Compliance Manager, both technical and interpersonal skills are vital to effectively lead and coordinate the organization’s audit and compliance efforts.
Technical Skills:
**IT Controls & Frameworks** :
+ Deep knowledge of IT General Controls (ITGCs), application controls, and relevant frameworks (e.g., COSO, COBIT, NIST).
+ Practical experience implementing and testing controls in areas such as change management, access management, and system operations.
**Audit Methodologies & Standards** :
+ Familiarity with auditing standards (e.g., PCAOB for SOX, ISACA guidelines) and the ability to align IT controls with these standards.
+ Hands-on experience collaborating with internal or external auditors (Big Four experience is often a plus).
**Regulatory & Compliance Knowledge** :
+ Understanding of Sarbanes-Oxley (SOX) compliance, especially Section 404 for IT controls.
+ Experience with other relevant regulations (GDPR, HIPAA, PCI-DSS, etc.) depending on the industry.
**SAP GRC & Other GRC Tools** :
+ Proficiency in SAP GRC for monitoring sensitive transactions and overseeing Firefighter access.
+ Familiarity with Governance, Risk, and Compliance (GRC) platforms used for documentation, testing, and reporting of controls.
**Cybersecurity Fundamentals** :
+ Baseline knowledge of cybersecurity frameworks (ISO 27001, NIST CSF) and best practices for safeguarding both financial and non-financial systems.
+ Incident response and vulnerability management awareness to identify and escalate security gaps.
**Data Analysis & Reporting** :
+ Ability to analyze logs, metrics, and audit findings to spot patterns, trends, or control weaknesses.
+ Competency in reporting tools (e.g., Excel, Power BI) for creating dashboards, KPIs, and metrics.
**Interpersonal (Soft) Skills** :
Collaboration & Teamwork:
+ The ability to work seamlessly with cross-functional teams (Finance, Legal, Security, Operations) and external auditors.
+ Diplomatic communication when negotiating timelines, responsibilities, and remediation efforts.
**Effective Communication** :
+ Clarity in explaining complex IT control requirements and audit findings to non-technical stakeholders.
+ Concise reporting of key issues, risks, and remediation progress to senior leadership and committees (e.g., ITLT, Audit Committee).
**Influence & Leadership** :
+ Confidence and credibility to champion compliance priorities and escalate issues when necessary.
+ Ability to gain buy-in across various organizational levels, from engineers to executives.
**Adaptability & Problem-Solving** :
+ A flexible approach to navigate changing regulations, evolving technologies, and shifting business priorities.
+ Root-cause analysis skills to address recurring control weaknesses or security incidents.
Strategic Thinking & Business Acumen:
+ Awareness of how IT compliance efforts intersect with broader business objectives.
+ Capability to propose solutions or process improvements that enhance both compliance and efficiency.
Proactive Mindset:
+ Forward-looking approach to identify potential risks and implement preventative measures.
+ Initiative in driving continuous improvement rather than only reacting to audit findings.
Experience:
+ 5 years’ experience in similar roles/industry
+ Fluent in English
+ No travel required
**Competencies** :
+ Courageous
+ Trustworthy
+ Inclusive and Collaborative
+ Business Savvy
+ Operational Excellent
Sylvamo partners with you and your family on your health and wellness journey. We offer a premium suite of health and wellness programs for you and your family, including medical, dental, vision, disability, life insurance, and a generous 401(k) plan with matching company contributions, and more. Sylvamo is here for all stages of life. We also offer paid time off and paid holidays per year.
The salary, other compensation, and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, subject to applicable law.
Sylvamo is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.
Other details
+ Job Family: Information Technology
+ Job Function: Information Security
+ Pay Type: Salary
+ Brazil
+ Memphis, TN, USA
+ Mogi Guaçu, State of São Paulo, Brazil