Share this Job

IT SOX Compliance Manager

Apply now »

Date: Jan 8, 2019

Location: Boston, MA, US, 02110

Company: Houghton Mifflin Harcourt

Job Requisition ID: 14878

Additional Locations: 


The Organization

Houghton Mifflin Harcourt is a global learning company with the mission of changing people's lives by fostering passionate, curious learners. Among the world's largest providers of pre-K-12 education solutions, HMH combines cutting-edge research, editorial excellence and technological innovation to improve teaching and learning environments and solve complex literacy and education challenges. HMH's interactive, results-driven education solutions are utilized by 50 million students in over 150 countries, and its renowned and awarded novels, non-fiction, children's books and reference works are enjoyed by readers throughout the world. For more information, visit

The Information Technology organization is transforming to realize our mission: Become a leader in HMH’s digital transformation, and as a strategic partner, innovate and deliver highest value, competitive advantage solutions across all corporate and business functions. Our ambition is to be a digital leader through innovation and develop and deliver leading edge technology such as robotic process automation and artificial intelligence to solve some of HMH’s greatest operational business challenges.  Our professionals will have business relevant skills to connect our HMH partners to technologies that propel the businesses to deliver the greatest value for HMH and our customers.  We are building a team of IT professionals with an insatiable appetite to learn, a relentless focus on customer service, a technological curiosity toward future possibilities, and a creativity in solving business challenges with leading technologies.  Our team will find ways to work together, create a sense of community where it’s safe to take risks and learn together, develop our careers, and all have an opportunity to work on new technologies.  We will work together, learn together and have fun together. As a team, we will lead HMH’s digital transformation.


The Opportunity – IT SOX Compliance Manager

Our security team works to provide continuous improvements through prevention, detection, processes, and policies for customer and company information to maintain privacy and security. The Information Security SOX Compliance Specialist will report to HMH’s Chief Information Security Office and will work closely with the other leads from Internal Audit, IT, legal and other business units to analyze, evaluate, enhance, and report on HMH information systems' internal controls.  The ideal candidate will be a self-starter and take on a key role in developing IT controls, conducting risk assessments and partnering with IT to provide recommendations for improvements. Your work will help us improve our processes and come up with ways to make our IT control environment even stronger.


Duties & Responsibilities:


  • Champion Sarbanes Oxley (SOX) IT Compliance, SAP Access Governance, and SAP Segregation of Duties (SOD) compliance initiatives
  • Partner with process owners by providing guidance and support in designing and implementing appropriate controls to strengthen the control environment in areas like SOX, PCI, etc.
  • Maintain IT risk management framework and identify control gaps to communicate existing and emerging SOX IT and other IT compliance risks to IT Management
  • Work with stakeholders across the IT Organization to ensure that key IT Controls are executed and ensure that an acceptable level of internal control is maintained over the IT Organization
  • Monitor control performance of IT controls across the company for timely and effective execution
  • Perform regular assessment of HMH's IT Controls and ensures continued compliance
  • Act as primary liaison between IT and audit groups (internal and external) during all phases of the audit process
  • Work with SAP Access Governance Team and SAP Security team to identify and analyze SAP SOD conflicts
  • Identify and document mitigating controls in SAP GRC and periodic confirmation of mitigation control operation and scope (validation that control is still in place and applies to conflicts it covers in SAP GRC)
  • Create and implement process improvement of processes and controls; ensure that remediation plans are communicated and implemented on a timely basis
  • Support Internal Audit for audit operations with concentration on IT compliance
  • Liaise with external audit for compliance activities
  • Managing frequent, ad hoc requests from the business/IT for advice/assistance regarding controls and compliance
  • Deliver the data and insight that informs business leaders on risk-based tactical and strategic business initiatives
  • Identify and leverage data sources that will enhance our risk intelligence capabilities
  • Provide critical input and expertise in the selection and implementation of new tools that contribute to the
  • ongoing improvement of our compliance posture
  • Perform current system or platform compliance analysis and documentation


Required Education and Experience


  • Bachelor's Degree
  • 7-8 years prior experience in SOX IT, IT Audit, IT Compliance, IT Controls, or IT Risk Management
  • Strong experience with IT General Controls (ITGCs)
  • Experience in managing regulated data environments, (e.g. PCI, SOX, FERPA, HIPAA, and COPPA)
  • Understanding of SAP Systems and Modules preferred, including S/4 HANA
  • Working knowledge of SAP GRC modules including Access Request Manager, Emergency Access Manager (EAM or Firefighter), and Access Risk Analysis (ARA)
  • Experience with, ADP, MySQL, Unix, Oracle, Windows Active Directory etc.
  • Familiar with tools such as ServiceNow, Jira
  • Proficiency in Microsoft Excel
  • Must have excellent verbal and written communication and listening skills due to high amount of interaction with HMH staff, clients, and external vendors.
  • High level of patience and courtesy is required to deal with individuals and their varied technological skill levels
  • Ability to effectively work independently as well as part of a cohesive and agile team.
  • Self-starter with a strong sense of responsibility and the ability to work with minimal supervision
  • Excellent analytical skills required
  • Ability to remain organized and to elicit cooperation from a wide variety of sources including team members, other internal departments and external parties.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment and react to project adjustments
  • and alterations promptly and efficiently.
  • Ability to develop strong relationships with stakeholders in order to drive risk management culture and implementation
  • CISA certification is a plus
  • Big-4 Experience is a plus


Additional Technical Requirements


  • Use and improvement of process and controls via internal tools including Jira, Confluence, etc.
  • Knowledge of information security standards preferred
  • Knowledge of technical aspects of data security preferred


Houghton Mifflin Harcourt is committed to a comprehensive policy of Equal Opportunities and we aim to create a workplace which provides for equal opportunities for all employees and potential employee


Houghton Mifflin Harcourt (NASDAQ:HMHC) is a global learning company dedicated to changing people’s lives by fostering passionate, curious learners. As a leading provider of pre-K–12 education content, services, and cutting-edge technology solutions across a variety of media, HMH enables learning in a changing landscape. HMH is uniquely positioned to create engaging and effective educational content and experiences from early childhood to beyond the classroom.  HMH serves more than 50 million students in over 150 countries worldwide, while its award-winning children's books, novels, non-fiction, and reference titles are enjoyed by readers throughout the world.

For more information, visit  

Houghton Mifflin Harcourt is an equal employment opportunity employer and participates in E-Verify. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of gender, race/ethnicity, gender identity, sexual orientation, protected veteran status, disability, or other protected group status.

Nearest Major Market: Boston

Job Segment: Manager, Business Process, Management, Publishing, Education