
SOX Compliance Analyst

Reports to: Director, Information Security


The IT Compliance Analyst is responsible for leading the planning, execution and testing of management's internal controls in accordance with Section 404 of the Sarbanes-Oxley Act. This individual will help determine the IT scope of management's assessment and perform internal controls testing to monitor design and operating effectiveness of such controls within the 1-800-Flowers, Inc. enterprise.

This individual will partner with IT and Business Leadership, as well as the Director of Information Security, to manage/control/perform/audit activities related to SOX/PCI/etc. regulations, laws, policies, and procedures applicable to the overall 18F Enterprise.

Core Responsibilities

  • Leads the planning and execution of management's annual internal controls assessment in accordance with Section 404 of the Sarbanes-Oxley Act
  • Serves as a leader during the IT Risk Assessment and Audit Plan development activities
  • Performs and administers internal IT audits to ensure the existence of and adherence to the established controls and internal policies
  • Partners with IT team and 3rd party service providers to coordinate scope, timing, and resources for audits
  • Notifies and trains personnel about IT audit processes
  • Plans, supervises, executes and reports results for IT audits and SOX assessments
  • Identifies system, business and process improvement opportunities
  • Ensures all internal and external regulatory compliance requirements are met, including PCI and SOX
  • Collaborates with and supervises IT Audit Consultants during the execution of IT audits, including process and/or system understanding and documentation, risk and control identification, audit test design and execution, audit documentation and report writing
  • Develops and maintains a formal monitoring program over the Enterprise's IT systems and implementation
  • Reports on discovered/existing deficiencies and recommends corrective action to improve operations and compliance
  • Presents final report and audit findings to the CIO and Enterprise Operating Committee for review
  • Assists business area partners towards successful control/issue remediation

Detailed Responsibilities

  • Oversees the development of IT audit documentation i.e. control framework, work flows (if applicable), test plans, controls testing and preparation of compliance reports
  • Supports SOX compliance processes by planning and providing employee training on SOX awareness programs
  • Partners with IT service providers to coordinate scope, timing, and resources for audits
  • Identifies business risk and develops comprehensive audit plans to monitor management controls over business risks within the information technology general and application environment
  • Recommends process improvement solutions and effective internal control standards
  • Tracks and monitors IT remediation efforts
  • Implements continual testing and audit processes for Internal Security, SOX and PCI (Payment Card Industry) policies throughout the year
  • Audits overall policies hub to ensure continual alignment with compliance requirements for review and completeness
  • Participates in compliance remediation projects with testing support and evidence collection
  • Develops and maintains updates to IT Policies and Procedures – excluding Security Related
  • Performs proactive risk and control gap identification
  • Performs key control testing and works with business area partners and control stakeholders to determine severity and rating of exceptions
  • Manages all IT SOX documentation e.g. control narratives
  • Coordinates with IT personnel across the organization to implement required controls and maintain appropriate evidence
  • Tracks and monitors any new system implementations to help ensure internal controls are considered throughout the project; assists in creating documentation around implementations
  • Monitors and implements audit and compliance best practices on an ongoing basis
  • Participates in meetings to update management on IT remediation, documentation, testing execution, and testing results
  • Monitors the Change Management process for IT process owners to update documentation
  • Supports all systems/processes in scope for SOX from IWS (Infrastructure, Information Systems, Web Delivery, PMO and Quality Assurance)
  • Acts as a liaison between external auditors and the technology teams
  • Evaluates new systems, applications and processes from an IT controls standpoint
  • Assists with the Enterprise's Section 302 efforts by tracking and reporting changes in the Company's IT internal control systems
  • Continuously works to enhance the SOX process to become more efficient and effective

Communication / Reporting

  • Participates in the Company-wide Section 404 education and communication program
  • Ensures effective communication and collaboration between IT functions
  • Produces IT risk status reports


  • Shows a commitment to continual self-improvement in order to learn and stay current with compliance methodologies, processes/best practices, and related technologies – shares information gained with co-workers

To Apply: Send your Cover Letter and Resume, including salary history, to:
Human Resources at
One Old Country Road
Suite 500
Carle Place, NY 11514


Only Qualified Applicants Will Be Contacted.

© 2016, Inc., Carle Place, NY