Manager, SOX

About Us Founded in 1992 in Dover, NH, Planet Fitness is one of the largest and fastest-growing franchisors and operators of fitness centers in the United States by number of members and locations. We have over 2,700+ stores in 50 states, the District of Columbia, Puerto Rico, Canada, Panama, Mexico, Spain, and Australia. 90% of Planet Fitness stores are owned and operated by independent franchisees. At Planet Fitness, our unique mission has always been to enhance people's lives by providing a high-quality fitness experience in a welcoming, non-intimidating environment. And we're proud of the amazing Planet Fitness team that supports our clubs and team members. They are comprised of dynamic, dedicated, and talented individuals who represent our values of integrity, transparency, passion, respect, and excellence (while having fun!) in everything they do. Joining the PF family means being part of a company that cares about bettering the health and wellbeing of our communities. It means being a part of a supportive, engaging workforce with an inclusive culture that values diversity and creates an environment where everyone can feel they belong. It means encouraging professional growth and development. It means making true, lasting connections with your co-workers with celebrations, team building activities and engaging corporate events! It means creating a positive impact in our local communities through our Judgement Free Generation philanthropic initiative. It means being part of a brand that you can be proud of! For the past 30 years, we've helped millions of people in their fitness journey and revolutionized the industry along the way. And we're just getting started! Overview The Manager, SOX's primary responsibility will be to lead and continually improve the Company's Sarbanes-Oxley (SOX) compliance program, ensuring the design, operation, and audit readiness of information technology related internal controls over financial reporting (ICFR), while partnering closely with Finance, Information Technology ("IT"), Internal Audit and Information Security. The Manager, SOX will work in close collaboration with Security Operations to assess security-related controls and incidents as they relate to SOX requirements. This person will also work on and improve other compliance programs which include GDPR, PCI, and other privacy compliance regulations as time permits. This role is expected to work our hybrid schedule out of the Hampton, NH office or future Boston, MA office. Responsibilities SOX Program Ownership & Governance * Own the end-to-end SOX compliance program for IT, including scoping, risk assessment, control design, testing, remediation, and reporting. * Lead annual SOX planning and quarterly execution, ensuring timely completion of support required for Internal Audit testing, management certifications and external reporting. * Ensure compliance with SOX Section 404, COSO framework, and PCAOB standards. * Prepare, review, and maintain SOX risk and control documentation, including, flowcharts and periodic evidence of control performance. * Manage all incremental Internal and External Audit testing evidence requests. Internal Controls & Risk Management * Participate in External Audit led IT process and control walkthroughs to evaluate the effective design of IT general controls. * Ensure timely and accurate evidence of operating effectiveness of key IT General Controls including access management, change management, system monitoring, and data integrity controls is completed by the respective IT control preparers and reviewers. * Participate in joint testing, with External and Internal Audit, of key application controls and system generated reports used in the performance of the Company's key business process and IT general controls. * Identify control gaps, deficiencies, and emerging risks; partner with control owners and Internal Audit to define, document, and track remediation plans. * Assess the SOX impact of business and technology changes, including new systems, international expansion, franchise growth, organizational changes, and acquisitions. * For all key technology vendors, ensure appropriate System and Organization Controls ("SOC") audits are performed and SOC audit reports are reviewed for any deficiencies and mapping of Complementary User Entity Controls (CUECs) to effective controls in the Company's overall SOX program. Information Security Partnership * Partner closely with Information Security and Security Operations to understand the design and operation of security controls relevant to SOX, including user access, logging, monitoring, and incident response processes. * Assess the SOX and ICFR impact of security incidents in collaboration with SECOPS, including evaluating whether incidents represent control deficiencies or require remediation or audit disclosure. * Coordinate the collection and evaluation of security-related evidence required for SOX testing, while maintaining independence from day-to-day security operations. Audit Management * Serve as a primary point of contact for internal and external auditors related to SOX and ICFR matters. * Coordinate walkthroughs, testing requests, deficiency evaluations, and remediation follow-ups. * Support management in the evaluation and communication of control deficiencies, including severity assessments and remediation status. Process Improvement & Scalability * Drive continuous improvement of SOX processes by standardizing controls, reducing redundancy, and leveraging automation where appropriate. * Utilize SOX and GRC tools to improve efficiency, transparency, and documentation quality. * Stay current on regulatory guidance, SOX best practices, and evolving risks, including those impacting global operations. Qualifications * Bachelor's degree in information systems, Computer Science, Management Information Systems, Accounting, Finance, or related field * 5+ years of experience in SOX compliance/Internal Audit in a public company, or IT Audit (Big 4 or another national firm) * System implementation experience * Certifications (strongly preferred): CISA, CIA, CPA * Strong working knowledge of SOX, ICFR, and COSO framework * Experience evaluating control deficiencies (including severity assessment) and leading remediation efforts through closure * Experience partnering with internal and external auditors and cross-functional stakeholders * Ability to operate effectively in a complex, growth-oriented organization * Experience with large ERP or financial systems, including automated controls and system interfaces * Hands-on experience managing SOX Section 404(b) compliance, including management assessments and auditor attestation is a plus * Experience with GDPR, PCI, and other data privacy regulations is a plus * Strong analytical and problem-solving skills * Background within retail, payment, and e-commerce sectors * Highly detail-oriented and efficient, with exceptional planning, prioritization, organizational, and project management skills * Excellent presentation and communication skills along with the ability to communicate effectively across all levels of the organization * Able to establish and maintain effective, collaborative work relationships with diverse individuals, internally and externally * Dedicated learner with a natural curiosity for consistent growth * Exhibits comfort, ease, and flexibility working in an extremely fast-paced ever-changing, deadline-driven environment * Cooperative team player with an upbeat, positive, "can-do" attitude! * Availability to work off-hours and provide on-call support as needed Perks Planet Fitness cares about you and your well-being. We offer a comprehensive benefits package to eligible employees which includes the core medical, dental, vision, life and disability as well as supplemental accident, hospital and critical illness coverage options. In addition, we are proud to offer eligible employees a generous time off program (including volunteer time), childcare reimbursement, paid parental leave, pet care reimbursement, tuition reimbursement, free Black Card membership, learning and development programs and a whole host of engagement activities. We offer a 401(k) Plan with safe harbor employer matching and an employee stock purchase plan.This role is also eligible to participate in an annual corporate bonus incentive program based on company financial and personal performance. Note to Applicants: We have been made aware of an increasing number of hiring fraud schemes across numerous platforms. Planet Fitness never requires advance payments of any kind for computer equipment or any other purpose at the start of employment. Any request for you to provide payment information during the application process is part of a fraud scheme. Further, we recommend that you do not provide sensitive personal information (SSN, DOB, driver's license number) as part of the initial application process. Min Max Responsibilities SOX Program Ownership & Governance - Own the end-to-end SOX compliance program for IT, including scoping, risk assessment, control design, testing, remediation, and reporting. - Lead annual SOX planning and quarterly execution, ensuring timely completion of support required for Internal Audit testing, management certifications and external reporting. - Ensure compliance with SOX Section 404, COSO framework, and PCAOB standards. - Prepare, review, and maintain SOX risk and control documentation, including, flowcharts and periodic evidence of control performance. - Manage all incremental Internal and External Audit testing evidence requests. Internal Controls & Risk Management - Participate in External Audit led IT process and control walkthroughs to evaluate the effective design of IT general controls. - Ensure timely and accurate evidence of operating effectiveness of key IT General Controls including access management, change management, system monitoring, and data integrity controls is completed by the respective IT control preparers and reviewers. - Participate in joint testing, with External and Internal Audit, of key application controls and system generated reports used in the performance of the Company's key business process and IT general controls. - Identify control gaps, deficiencies, and emerging risks; partner with control owners and Internal Audit to define, document, and track remediation plans. - Assess the SOX impact of business and technology changes, including new systems, international expansion, franchise growth, organizational changes, and acquisitions. - For all key technology vendors, ensure appropriate System and Organization Controls ("SOC") audits are performed and SOC audit reports are reviewed for any deficiencies and mapping of Complementary User Entity Controls (CUECs) to effective controls in the Company's overall SOX program. Information Security Partnership - Partner closely with Information Security and Security Operations to understand the design and operation of security controls relevant to SOX, including user access, logging, monitoring, and incident response processes. - Assess the SOX and ICFR impact of security incidents in collaboration with SECOPS, including evaluating whether incidents represent control deficiencies or require remediation or audit disclosure. - Coordinate the collection and evaluation of security-related evidence required for SOX testing, while maintaining independence from day-to-day security operations. Audit Management - Serve as a primary point of contact for internal and external auditors related to SOX and ICFR matters. - Coordinate walkthroughs, testing requests, deficiency evaluations, and remediation follow-ups. - Support management in the evaluation and communication of control deficiencies, including severity assessments and remediation status. Process Improvement & Scalability - Drive continuous improvement of SOX processes by standardizing controls, reducing redundancy, and leveraging automation where appropriate. - Utilize SOX and GRC tools to improve efficiency, transparency, and documentation quality. - Stay current on regulatory guidance, SOX best practices, and evolving risks, including those impacting global operations.

Created: 2026-03-03