Manager, IT Audit

About the Role

About the Role:
The Internal Audit (“IA”) Department is seeking an experienced IT SOX Manager to join the Gap Inc. This role will be based in Hyderabad (Gap HDC) and will partner closely with global Internal Audit, IT, and business stakeholders to ensure effective design, implementation, and testing of IT General Controls (ITGCs), automated controls, and key reports.
The ideal candidate will bring strong technical expertise, leadership capability, and a proactive and innovation mindset to drive compliance excellence and continuous improvement.

What You'll Do

Key Responsibilities:
•    Lead end-to-end execution of the IT SOX program, including annual planning, scoping, risk assessment, and reporting across global in-scope systems.
•    Oversee the design and operating effectiveness testing of ITGCs (Access, Change Management, IT Operations) and ITACs, ensuring high-quality and consistent execution.
•    Ensure alignment with SOX requirements, PCAOB standards, and internal audit methodologies, maintaining audit readiness at all times.
•    Partner with global IT teams, business stakeholders, co-source partners, and external auditors to coordinate and drive SOX activities across regions.
•    Serve as the primary point of contact for IT SOX within Gap HDC, providing guidance on control requirements, risks, and remediation strategies.
•    Lead and facilitate walkthroughs, risk assessments, and control design discussions, ensuring accurate and complete documentation (e.g., RCMs, narratives, flowcharts).
•    Evaluate the overall IT control environment, identify systemic gaps, and provide strategic, risk-based remediation recommendations.
•    Oversee deficiency evaluation and remediation, including impact assessment, root cause analysis, and validation of issue closure.
•    Assess the SOX impact of system implementations, upgrades, and transformations, ensuring controls are appropriately designed and implemented.
•    Coordinate with external auditors to support reliance on IT controls, including timely delivery of documentation and resolution of audit queries.
•    Develop and deliver status reporting, dashboards, and executive-level insights on IT SOX compliance, risks, and trends.
•    Drive standardization and consistency in control documentation, testing approaches, and evidence requirements across teams.
•    Identify and implement opportunities to enhance efficiency, including automation, data analytics, and control rationalization.
•    Promote best practices in IT risk management, governance, and compliance across the organization.
•    Lead, coach, and develop a team of IT SOX professionals, providing clear direction, performance feedback, and growth opportunities.
•    Foster a culture of accountability, collaboration, and continuous improvement within the team and across stakeholder groups.
 

Who You Are

Who You Are:

Required:

• Bachelor’s degree in Information Systems, Computer Science, or a related field.
• 8+ years of experience in IT audit, IT SOX, or IT risk management 
• At least 3–5 years in a leadership or managerial role 
• CISA, CISSP certification highly preferred
• Strong knowledge of testing IT General Controls, IT application controls, interfaces, SOC reports.
• Strong working knowledge of ERP systems (Oracle), cloud environments (Azure) and microservices architecture is highly preferred
• Experience working with external auditors (Big 4 preferred)
• Proactive individual who can work independently and has strong project management, communication skills

Nice to Have:

• Experience with GRC tools (e.g., ServiceNow GRC, AuditBoard) 
• Experience in retail or consumer-facing industries