• IT Compliance & Application Security Manager

    Sylvamo (Memphis, TN)


    At Sylvamo, we’re a team on a mission. Joining us, you’ll be helping to sustain forests and renew ecosystems, while delivering on the promise of paper to educate, communicate and entertain the world.

     

    Come grow with us!

     

    Pay Grade 17

    Position Summary:

    The IT Compliance & Application Security Manager is responsible for leading and coordinating IT compliance initiatives, with a strong focus on Sarbanes-Oxley (SOX) and cybersecurity requirements. This role ensures that IT controls are effectively designed, documented, and executed in alignment with regulatory standards and audit expectations.

     

    This position plays a critical role in identifying risks, implementing cybersecurity best practices, and maintaining a robust control environment across both financial and non-financial systems.

    Key Responsibilities:

    + Control Framework Ownership Develop and maintain application-specific control matrices (e.g., SoD, secure development, identity lifecycle, privileged access). Ensure alignment with frameworks such as COSO, COBIT, and NIST.

    + Policy Implementation & Oversight Translate enterprise security policies into actionable control requirements. Ensure consistent implementation across centralized (e.g., SAP GRC) and decentralized platforms.

    + Partner with internal software development teams to promote secure coding practices and integrate security checkpoints within CI/CD pipelines.

    + IAM & SoD Governance Develop governance over identity provisioning, role design, and segregation of duties enforcement. Coordinate exceptions and remediation plans in collaboration with IAM and audit teams.

    + Metrics & Reporting Define and report on KPIs/KRIs related to control effectiveness and risk posture. Deliver dashboards and reports to senior leadership and risk committees.

    + Cross-Functional Collaboration Partner with application owners, cybersecurity architects, GRC analysts, and vendors to ensure compliance coverage.

    + Policies, Procedures, and Documentation Develop and maintain IT compliance policies and procedures. Ensure documentation meets audit standards and reflects current operations.

    + Education, and training, develop and train application and system owners on their responsibilities and self-assessment for security controls.

    Technical Skills & Competencies:

    + Application Security

    + IT Controls & Frameworks Deep knowledge of ITGCs, application controls, and frameworks (COSO, COBIT, NIST). Experience in change management, access management, and system operations.

    + Audit Methodologies & Standards Familiarity with PCAOB, ISACA, and other audit standards. Experience working with internal/external auditors (Big Four experience is a plus).

    + Regulatory & Compliance Knowledge Strong understanding of SOX (especially Section 404), GDPR, HIPAA, PCI-DSS.

    + GRC Tools Proficiency in SAP GRC and other GRC platforms for control monitoring and reporting.

    + Cybersecurity Fundamentals Knowledge of ISO 27001, NIST CSF, incident response, and vulnerability management.

    + Data Analysis & Reporting Ability to analyze logs, metrics, and audit findings. Proficiency in Excel, Power BI, or similar tools for reporting.

    Interpersonal Skills:

    + Collaboration & Teamwork: Effective cross-functional collaboration.

    + Communication: Clear articulation of technical concepts to non-technical stakeholders.

    + Leadership & Influence: Ability to drive compliance initiatives and gain organizational buy-in.

    + Adaptability: Flexibility in navigating regulatory and technological changes.

    + Strategic Thinking: Alignment of compliance efforts with business objectives.

    + Proactive Mindset: Anticipation of risks and continuous improvement.

    Qualifications:

    + Minimum 5 years of experience in IT compliance, audit, or cybersecurity roles.

    + Fluent in English.

    + No travel required.

    Core Competencies:

    + Courageous

    + Trustworthy

    + Inclusive & Collaborative

    + Business Savvy

    + Operational Excellence

     

    Sylvamo partners with you and your family on your health and wellness journey. We offer a premium suite of health and wellness programs for you and your family, including medical, dental, vision, disability, life insurance, and a generous 401(k) plan with matching company contributions, and more. Sylvamo is here for all stages of life. We also offer paid time off and paid holidays per year.

     

    The salary, other compensation, and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, subject to applicable law.

     

    Sylvamo is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.

    Job Details

    Job Family** **Information Technology

     

    Job Function** **IT Business Analysis

     

    Pay Type** **Salary