Principal Information Security Engineer - IT SOX Compliance (Remote)

Ferguson Enterprises

IT, Legal
Posted on Saturday, June 1, 2024

Job Posting:

Ferguson is North America’s leading value-added distributor across residential, non-residential, new construction and repair, maintenance, and improvement (RMI) end markets. Spanning 34,000 suppliers and more than one million customers, we deliver local expertise, value-added solutions, and the industry’s most extensive portfolio of products. From infrastructure, plumbing, and appliances, to HVAC, fire protection, fabrication, and more, we make our customers’ complex projects simple, successful, and sustainable.

We have an exciting opportunity for a remote IT SOX Compliance Principal to join the Information Security organization, within the Ferguson IT organization. The Principal of SOX Compliance leads and supports the program, policies, and practices to ensure the organization is aligned with the Sarbanes-Oxley Act. The incumbent performs comprehensive reviews of IT processes to ensure appropriate controls and procedures are designed and operating effectively. The role is key to ensuring the execution of the IT SOX Program and providing recommendations to Management (control owners and performers) for enhancing processes and controls and improving documentation to meet SOX requirements and to drive consistent execution of the IT SOX controls. As part of this role, this position is responsible for coordinating with internal and external audit, coordinating responses and supporting remediation of identified SOX issues, and IT General Controls design and execution coordination.

**This role is approved to be 100% remote within the United States.**

    Duties and Responsibilities:

    • Development, implementation, and execution of the Company’s IT SOX compliance program while ensuring compliance with the Sarbanes-Oxley Act and deadlines. This may include identifying, designing, and validating key controls, developing operational procedures, documenting testing, and reporting results to management, internal and external audit.
    • Lead and support the rationalization of internal control design and activities, maintain the key controls inventory, and ensure SOX documentation reflects a high level of quality.
    • In partnership with Internal Audit, coordinate enterprise execution of SOX activities, including support for planning and coordinating walkthroughs, testing of IT general controls, application controls, and key system generated reports.
    • Perform proper risk and impact analysis, and evaluate and drive remediation (including working with management on remediation solutions) of identified control deficiencies and findings from SOX, internal, and external audits in a timely manner.
    • Provide support, guidance, and training on IT SOX compliance policies and procedures to advise a matrixed team of compliance coordination resources, control performers, and control owners.
    • Review mergers and acquisitions and system implementations to assess risks and potential impact on key SOX internal controls and compliance requirements.
    • Maintains awareness of all applicable laws and regulations and the corresponding levels of IT SOX compliance, communicates them to relevant collaborators, and uses them as a basis for input to IT policies.
    • Aid in aligning IT policies, standards, and procedures in response to SOX compliance requirements.
    • Lead and support services and relationships with external testers and compliance consultants, as appropriate.
    • Support senior Finance leadership, Internal Audit, external auditor and external testing consultants (as appropriate) to help coordinate planning and scoping of SOX audit processes.
    • Oversee process owners, SOX control owners, SOX control performers, and compliance coordinators to ensure controls are well defined and in compliance with applicable laws and regulations.
    • Collaborates with IT leaders and managers at all levels to identify areas where SOX control enhancements and/or documentation improvements are needed.
    • Participates in and provides input to SOX audit engagements and coordinates all Technology SOX responses to internal and external audits.
    • Researches and assesses identified SOX deficiencies and works with Management to identify appropriate solutions. Follows up on remediation activities to verify appropriate resolution.
    • Participates in and provides input to Internal Audit’s annual technology audit plan. Participates in and assists with coordination of Internal Audit’s activities within the IT domain.
    • Coordinates preparation of metrics and dashboards providing information on SOX compliance program progress, including improvements to resource knowledge maturity.
    • Assists in preparation of executive presentations and supports Sr. Director, participating in Steering Committee, Internal / External Audit, and IT Risk Coordination sessions, as appropriate.

    Knowledge, Skills & Abilities

    • Risk management models.
    • IT Incident Management.
    • Works effectively in and across sophisticated organizations.
    • Established communication, collaboration, problem solving and project management skills.
    • Knowledge of IT Infrastructure and Processes (e.g. network, application development, change control, service desk, web design).
    • Leads with vision/strategic focus.
    • Established verbal and written communication skills.
    • Diligence and keen sense of quality.
    • Ability to work across different teams in Information Security and IT to drive IT Risk & Compliance.

    Qualifications and Requirements:

    • Bachelor’s degree or higher in Computer Science, Information Technology, finance or accounting, similar field, or equivalent experience.
    • CPA (Certified Public Accountant) or CISA (Certified Information Systems Auditor) required; CISSP (Certified Information Systems Security Professional) and/or CISM (Certified Information Security Manager) preferred.
    • 4+ years large public company internal and external auditing, with emphasis on IT auditing in large public companies with complex IT hybrid environments and/or large accounting firms with experience auditing a complex IT client base.
    • Proven IT audit program and practices experience. Big 4 IT Audit experience preferred.
    • Strong understanding of the general computer control areas and IT governance frameworks (e.g., COBIT, NIST, ISO 27k), Sarbanes-Oxley, and the COSO framework.
    • Working understanding of US Generally Accepted Accounting Practices.
    • Proven experience designing and implementing a system of internal controls, including experience in a large-scale management-led SOX organization as well as supporting a company’s SOX program.
    • Good experience with evaluating security and controls on various on-premise and cloud-based technologies; experience with Oracle Cloud, Workday, Microsoft Azure, SailPoint, and CyberArk preferred.
    • Strong experience with Linux/Unix.
    • Solid ability to understand, assess and prioritize risks across the components of the IT environment (application, operating system, and database).
    • Tenacious in pursuit of improvement and ability to manage fearless conversations with technical and non-technical internal & external team members at management levels.

    Ferguson is dedicated to providing meaningful benefits programs and products to our associates and their families—geared toward benefits, wellness, financial protection, and retirement savings. Ferguson offers a competitive benefits package that includes medical, dental, vision, retirement savings with company match, paid leave (vacation, sick, personal, holiday, and parental), employee assistance programs, associate discounts, community involvement opportunities, and much more!



    Pay Range:


    Actual pay rate may vary depending upon location. The estimated pay range for this position is below. The specific rate will depend on a candidate’s qualifications and prior experience.


    $10,594.74 - $18,536.46


    Estimated Ranges displayed are Monthly for Salaried roles OR Hourly for all other roles.


    This role is Bonus or Incentive Plan eligible.


    The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans and the requirements of 41 CFR 60-741.5(A), which prohibits discrimination against qualified individuals on the basis of disability.

    Ferguson Enterprises, LLC. is an equal employment employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.

    Equal Employment Opportunity and Reasonable Accommodation Information