Job Summary: The Enterprise Systems Security Manager is responsible for safeguarding enterprise applications and IT environments through strong access governance, effective IT control management, and proactive risk and vulnerability coordination. This role partners closely with IT, Compliance, Audit, and business stakeholders to ensure SOX compliance, secure system operations, and continuous improvement of the organization’s IT control framework. The ideal candidate combines technical expertise with governance, risk, and people leadership capabilities.

Key Responsibilities

Application Access Management

• Lead enterprise-wide application access management strategies, including role design, provisioning, de-provisioning, and periodic access reviews.

• Ensure least-privilege access principles are enforced across all critical systems and applications.

• Partner with application owners and IAM teams to resolve access-related risks and audit findings.

SOX IT Controls Management

• Own and manage SOX IT General Controls (ITGCs) related to access, change management, and system operations.

• Coordinate with Internal and External Audit teams to support SOX testing, walkthroughs, and evidence requests.

• Maintain documentation for control effectiveness, control design, and risk assessments.

Control Design and Expansion

• Design, implement, and enhance IT control frameworks to support evolving business, regulatory, and security requirements.

• Expand IT controls into new systems, applications, and processes as the enterprise technology landscape grows.

• Evaluate control gaps and recommend scalable, sustainable solutions.

Remediation Oversight

• Oversee remediation efforts for identified control deficiencies, audit findings, vulnerabilities, and compliance issues.

• Track remediation plans, timelines, and ownership to ensure timely and effective resolution.

• Validate remediation effectiveness and ensure issues are fully resolved before closure.

Vulnerability and Risk Coordination

• Coordinate vulnerability and risk management activities across enterprise systems.

• Partner with cybersecurity, infrastructure, and application teams to assess risk impact and prioritize mitigation efforts.

Training and Support

• Provide training and ongoing support to IT and business stakeholders on access controls, SOX requirements, and security best practices.

• Act as a subject matter expert for IT controls, access governance, and audit readiness.

• Promote a culture of accountability, security awareness, and compliance.

Education and Certification:

• Bachelor’s degree in information technology, Computer Science, Business Administration, or a related field.

• Professional certifications such as CISA, CRISC, or CISSP are preferred.

Experience:

• 5+ years of experience in IT SOX compliance, IT audit, or IT risk management in a global organization.

• Proven experience with IT general controls (ITGCs), SOX 404, and related frameworks (e.g., COBIT, COSO).

• Familiarity with ERP systems, cloud platforms, and GRC tools is highly desirable.

Skills and Competencies:

• Strong analytical and problem-solving skills with the ability to identify risks and recommend solutions.

• Excellent communication and interpersonal skills to collaborate with diverse teams and stakeholders globally.

• Strong knowledge of IT control design, operation, and testing methodologies.

• Detail-oriented with strong organizational skills to manage multiple priorities effectively.

• Ability to work both independently and collaboratively as part of a global team.

Additional Information:

• Limited travel required (less than 10%).

• This position will have direct reports but is also expected to work as an individual contributor as needed.

• This position requires a proactive approach to driving global IT compliance and control improvements.

Circle K is an Equal Opportunity Employer.
The Company complies with the Americans with Disabilities Act (the ADA) and all state and local disability laws.  Applicants with disabilities may be entitled to a reasonable accommodation under the terms of the ADA and certain state or local laws as long as it does not impose an undue hardship on the Company. Please inform the Company’s Human Resources Representative if you need assistance completing any forms or to otherwise participate in the application process.

Click below to review information about our company's use of the federal E-Verify program to check work eligibility:

In English

In Spanish