Apply on Kit Job: kitjob.in/job/4ka4ba

About Ferguson:

Since 1953, Ferguson has been a source of quality supplies for a variety of industries. Together We Build Better infrastructure, better homes and better businesses. We exist to make our customers’ complex projects simple, successful, and sustainable. We proactively solve problems, adapt and grow to continuously serve our customers, communities and each other. Ferguson is proud to provide best-in-class products, service and capabilities across the following industries: Commercial/Mechanical, Facilities Supply, Fire and Fabrication, HVAC, Industrial, Residential Trade, Residential Building and Remodel, Waterworks and Residential Digital Commerce. Ferguson has approximately 36,000 associates across 1,700 locations. Ferguson is a community of proud associates who operate with the shared purpose of building something meaningful. You will build a career that you are proud of, at a company you can believe in.

Senior Information Security Engineer Position - SOX Control

The Ferguson Technology team is looking for a Senior Information Security Engineer specific to SOX Control, who is responsible for designing, implementing, monitoring, and validating IT general controls (ITGCs) and security controls that support Sarbanes Oxley (SOX) compliance. This role sits within the Enterprise Solutions Technology organization, supporting the audit needs of Enterprise Solution applications. This role partners closely with Information Security, Internal Audit, and external auditors to ensure that systems supporting financial reporting are secure, well controlled,



and compliant with regulatory requirements.

This position blends technical security expertise with governance, risk, and compliance (GRC) responsibilities, with a strong focus on access controls, change management, system configuration, and evidence management.

Location: Ferguson India.

Key Responsibilities:

- Design, implement, and maintain IT and security controls supporting SOX compliance (ITGCs).
- Ensure controls align with frameworks such as COSO , COBIT , ISO 27001 , or NIST.
- Assist with the IT SOX program, attending audit walkthroughs and providing support with remediation of control deficiencies.
- Prepare, review, and maintain audit evidence for internal and external SOX audits for in-scope SOX applications.
- Remediate control deficiencies and track corrective action plans to closure.
- Support change management controls for systems impacting financial reporting.
- Monitor logging, vulnerability management, and security configuration standards for in scope systems.
- Evaluate security impact of system changes and new implementations.
- Act as the liaison for SOX, Internal Audit, and external auditors.
- Partner with application owners, infrastructure teams,



and business stakeholders to ensure controls are properly designed and operating effectively.
- Provide guidance and training to IT teams on SOX and security control requirements.
- Create and maintain control narratives, process flows, and technical documentation.
- Identify opportunities to automate controls and audit evidence collection.
- Continuously assess and improve the effectiveness and efficiency of security controls.
- Stay current on SOX and regulatory best practices.

Knowledge Requirements & Qualifications:

- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field (or equivalent experience).
- 2+ years of IT audit and/or compliance experience in public companies or accounting firms (Big 4 experience preferred).
- Strong understanding of IT General Controls (access management, change management, operations).
- Hands on experience with identity and access management (IAM) systems.
- Experience supporting SOX audits and interacting with auditors.
- Ability to translate technical controls into clear, audit ready documentation.
- Robust analytical, organizational, and communication skills.
- Experience with SOX relevant financial systems (e.g., ERP platforms like SAP, Oracle, Workday).
- Familiarity with risk and compliance tools (e.g., Service Now GRC, Archer).
- Experience automating controls and evidence collection.
- Knowledge of cloud security controls (AWS, Azure, GCP) in a SOX regulated environment.

Apply on Kit Job: kitjob.in/job/4ka4ba

📌 Senior IAM Engineer-25777] (India)
🏢 Ferguson GCC
📍 India