Security Analyst

Job Category: Analysts
Job Type: Hybrid
Job Location: Seattle Washington
Compensation: Depends on Experience
W2: OPT/Stem-OPT/CPT Eligible 2 to 3 year opening
JPS-3659 | Posted On: 06/03/2025 | Closes On: 06/09/2025
Description:

Who we are

We are innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we’re in. As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.

About this team

The Cybersecurity team enables us to conduct its global operations in a secure manner and safeguard the trusted information of its guests and users. This is accomplished by understanding business risk as manifested through cybersecurity and compliance risk, and by maintaining a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for a SOX Compliance Specialist, with demonstrated expertise with SOX 404, specifically with respect to IT General Controls

A Day in the Life:

In this role, you will work collaboratively with the Cybersecurity GRC team along with stakeholders across the business to assess, review, verify, and audit technology controls related to SOX Compliance.  The SOX Compliance Specialist will be responsible for coordinating the collection of evidence, walkthrough meetings, remediation, and ensuring that teams are educated on what is required of them. Following are key areas of responsibility for this role:

  • Responsible for assisting with the delivery of the IT SOX program and ensuring the effectiveness of our technology internal control environment.
  • Responsible for documenting the SOX control design narratives and SOX control operating effectiveness testing for in-scope systems and tools. 
  • Works collaboratively with stakeholders across technology and system stakeholders to ensure effective technology controls are in place to meet SOX requirements.
  • Serves as a subject matter expert (SME) for SOX IT compliance across the organization.
  • Proactively communicates changes in regulatory or audit requirements to teams and helps drive the implementation of new or updated controls.
  • Partners with Global Architecture and Technology teams to understand current and future strategies that may impact SOX-relevant systems and processes.
  • Identifies, evaluates, documents, and monitors the remediation of control deficiencies, with an emphasis on assisting process and IT control owners in timely and effective remediation.
  • Assists with quarterly SOX control certifications and management attestations.
  • Automates and assists in gathering audit evidence for internal and external SOX audits.
  • Applies a risk-based approach to planning, executing, and reporting on SOX-related audit engagements.
  • Creates efficiencies for audit engagements by establishing and maintaining document request lists and centralized evidence repositories.
  • Provides metrics and reporting decks to demonstrate that the IT SOX program delivers expected outcomes and effectively supports business objectives.

Qualifications:

  • 5+ years of experience in Security GRC, IT Audit, or a related field, with a strong focus on SOX compliance and IT General Controls (ITGCs) in a retail environment
  • Big 4 IT Audit experience or similar is required, with demonstrated expertise in evaluating and testing ITGCs and application controls supporting financial reporting
  • Deep understanding of SOX Section 404 requirements, including risk assessment, control design, and effectiveness testing
  • Experience working with internal and external auditors, including managing walkthroughs, evidence collection, and audit issue resolution
  • Strong knowledge of ITGC domains such as access controls, change management, IT operations, and system development lifecycle (SDLC)
  • Familiarity with retail-specific systems (ex. Oracle EBS, Retail Management Systems, Order Management Systems, Warehouse Management Systems) and how they intersect with SOX compliance
  • Experience with cloud platforms (e.g., AWS, Azure), SaaS applications, and their implications for SOX controls
  • Proficiency in using GRC tools like ServiceNow, to streamline audit workflows and evidence management
  • Proven ability to drive remediation efforts, track control deficiencies, and support control owners in implementing sustainable solutions
  • Strong communication and stakeholder management skills, with the ability to influence cross-functional teams and align on compliance priorities
  • Demonstrated ability to work in a fast-paced, global retail environment, managing multiple priorities and time zones
  • Professional certifications such as CISA, CPA, or CIA are required

Must haves:

  • Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
  • Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
  • Communicates with honesty and kindness and creates the space for others to do the same.
  • Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
  • Fosters connection by putting people first and building trusting relationships.
  • Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously.