As the SOX Technical Program Manager, you will play a critical role in embedding SOX compliance and establishment of IT General Controls into lululemons technology project lifecycle. You will partner closely with the Cybersecurity GRC team, Technology stakeholders, and business leaders to ensure that new systems, enhancements, and integrations are designed and implemented with strong internal controls that meet SOX requirements.
You will lead the design, implementation, and monitoring of SOX IT general controls across the SDLC, ensuring that access and privileged account management, change management, and system configuration processes are compliant from project initiation through deployment. Your work will directly support the integrity of financial reporting and the effectiveness of lululemons internal control environment.
Key Responsibilities:
Lead the implementation of SOX IT controls across new technology projects and system development initiatives.
Collaborate with project teams to embed control requirements into project plans, technical designs, and implementation roadmaps.
Document SOX control design narratives and operating effectiveness testing for in-scope systems and tools.
Serve as the subject matter expert (SME) for SOX compliance within the SDLC, providing guidance on control design, risk mitigation, and audit readiness.
Coordinate walkthroughs, evidence collection, and control testing with internal and external auditors.
Partner with Global Architecture, Engineering, and Product teams to assess the SOX impact of new technologies and system changes.
Monitor and track remediation of control deficiencies, ensuring timely resolution and sustainable fixes.
Support quarterly SOX certifications and management attestations related to new systems and changes.
Maintain centralized documentation and evidence repositories to support audit and compliance activities.
Provide regular reporting and metrics on SOX SDLC program health, control coverage, and remediation status.
Educate and train project teams and control owners on SOX requirements and best practices.
We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to
Human Resources Request Form. The EEOC "Know Your Rights" Poster is available
here.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:
https://insightglobal.com/workforce-privacy-policy/ .
5+ years of experience in IT Audit, Security GRC, or SOX compliance, with a strong focus on SDLC, access management, and change management controls.
Big 4 or equivalent IT Audit experience required, with demonstrated expertise in evaluating ITGCs and application controls.
Deep understanding of SOX Section 404, including risk assessment, control design, and testing methodologies.
Proven experience defining, documenting, and implementing SOX controls in system development and project environments.
Strong knowledge of ITGC domains: access controls, change management, IT operations, and SDLC.
Familiarity with retail systems (e.g., Oracle EBS, RMS, OMS, WMS) and their SOX implications.
Experience with cloud platforms (AWS, Azure), SaaS applications, and their impact on SOX compliance.
Ability to collaborate with stakeholders and control owners to drive accountability and ownership for technology controls and facilitate an environment of continuous compliance
Proficiency with GRC tools such as ServiceNow, Jira, or Archer for managing change and compliance workflows.
Strong communication and stakeholder engagement skills, with the ability to influence cross-functional teams.
Ability to manage multiple priorities in a fast-paced, global environment.
Professional certifications such as CISA, CPA, CISSP, or CIA are required.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.