Sox And Itgc Manager

Summary

Join Figma's growing team and become our SOX and ITGC Manager, responsible for implementing and ensuring the effectiveness of IT General Controls (ITGCs) and application controls across our business and IT systems. You will be the primary point of contact for IT, application owners, and auditors, leading auditing activities and remediation efforts. This full-time role can be based in one of our US hubs or remotely within the United States. You will lead the design, implementation, and monitoring of ITGC frameworks, develop and maintain related policies and procedures, and partner with internal and external audit teams. The role also involves working with system owners and stakeholders to address risks and enhance system security. Figma offers a competitive compensation and benefits package.

Requirements

• 5+ years of audit/assessment experience with SOX
• In-depth knowledge of ITGC frameworks, including access management, change management, and operations
• Strong understanding of ERP systems, cloud-based applications, and corporate IT infrastructures
• Solid project management and organizational skills with the ability to manage multiple priorities
• Effective communication skills, with the ability to convey complex concepts to technical and non-technical audiences

Responsibilities

• Lead the design, implementation, and monitoring of ITGC frameworks for corporate systems, including access controls, change management, data integrity, and IT operations
• Develop and maintain ITGC policies, procedures, and documentation to support the organization's control environment
• Partner with internal and external audit teams to support ITGC testing and resolve findings efficiently
• Work closely with system owners, IT teams, and business stakeholders to address risks, implement controls, and enhance system security
• Implement a standardized process for performing UAR’s and change log reviews, pushing to automate and optimize these processes where feasible
• Provide relevant awareness training to control owners
• Conduct regular risk assessments of corporate systems to identify potential control gaps and recommend remediation strategies

Preferred Qualifications

• Experience with audit tools, GRC platforms, and automation technologies
• Certified Information Security Auditor (CISA)

Benefits

• Health, dental & vision
• Retirement with company contribution
• Parental leave & reproductive or family planning support
• Mental health & wellness benefits
• Generous PTO
• Company recharge days
• A learning & development stipend
• A work from home stipend
• Cell phone reimbursement
• Sales incentive pay for most sales roles
• Equity