Description
At Weyerhaeuser, we are the world’s premier timber, land, and forest products company. Sustainability is the founding concept of our business, and our values drive every decision to ensure we continue to lead the forestry industry in sustainability practices. And we know about sustainability – we led it in the forestry industry when we planted our first seedling by hand in 1938. We recognize that our success is dependent on the success of our people. For 125 years, our Weyerhaeuser team has been making a difference in the world – from the seedlings we plant, to the forests and trees we nurture, we ensure every acre is managed with diligence, patience, and pride. That’s the Weyerhaeuser way.
Our IT team is on a mission to transform the timber industry. We are not just in the cloud; we are implementing technology that will keep us at the forefront of innovation in the forest products industry. Join our team and be a key partner to help us shape our digital future. This role will help expand our strategic technical direction and implement solutions that enable business strategies. If you want to be part of a world-class technology team changing the world we live in – come grow with us!
We are seeking a highly skilled and experienced Sr Manager – IT Governance and Controls to join our IT PMO & Business Office organization. In this role, you will lead a team focused on managing IT general controls (ITGC), supporting internal and external audits (including SOX), and driving consistent risk management practices across IT services, projects, and operations. If you are a strategic, proactive leader with a passion for governance, risk, and controls, we invite you to apply for this exciting opportunity.

ADDITIONAL QUALIFICATIONS

• SAP experience including GRC preferred.
• CISA or CRISC certifications preferred.
• Familiarity with tools such as AuditBoard, ServiceNow, or similar GRC platforms.
• Ability to interpret and apply regulatory, audit, and security requirements in a business-friendly, risk-aware manner.
• Enthusiastic team player, proven ability to build partnerships with stakeholders across IT, audit, and business units.

WE KNOW YOU HAVE A CHOICE IN YOUR CAREER. WE WANT YOU TO CHOOSE US.

Weyerhaeuser is an equal opportunity employer. Inclusion is one of our five core values and we strive to maintain a culture where all our people feel a sense of belonging, opportunity and shared purpose. We are committed to recruiting a diverse workforce and supporting an equitable and inclusive environment that inspires people of all backgrounds to join, stay and thrive with our team.
Job Information Technology
Primary LocationUSA-WA-Seattle
Schedule Full-time
Job Level Manager
Job Type Experienced
Shift Day (1st)
Relocation Assistance Availabl

Qualifications

• Bachelor’s degree and/or equivalent work experience noted below.
• 10+ years of progressive, relevant required. Background in IT Audit, IT Security, or IT Risk Management required.
• Strong leadership and team management skills, with the ability to influence and motivate cross-functional teams required.
• Excellent communication and stakeholder management skills, with the ability to effectively communicate technical concepts to both technical and non-technical audiences at all levels required.
• Expert level and proven experience with IT risk management, control frameworks (e.g., COBIT, ISO), and general control practices (SOX) required.
• Prior experience working with internal and external IT audit and remediating control deficiencies required

• Lead the development, maintenance, and monitoring of IT general controls (ITGC) across applications and services in alignment with Weyerhaeuser’s Security Framework.
• Plan and administer compliance with Sarbanes Oxley control requirements.
• Define and communicate role expectations across the continuum of SOX compliance.
• Oversee IT audit preparation and response activities, including walkthroughs, evidence collection, and remediation for SOX and business process audits.
• Lead the development, maintenance, and monitoring of IT controls for Systems Development projects (SDLC) in alignment with Weyerhaeuser’s Security Framework and IT PMO standards.
• Collaborate with internal stakeholders (e.g., IT, internal audit, security, procurement, PMO) to ensure control requirements are implemented and maintained throughout project and service lifecycles.
• Perform or oversee IT risk assessments, control gap assessments.
• Manage the centralized risk and control repository (AuditBoard), including certification processes and evidence tracking.
• Provide governance consultation and readiness assessments for IT initiatives, ensuring risk mitigation and control compliance from design through operational readiness.
• Key liaison between IT, internal and external audit, and business teams to ensure transparency, accountability, and control effectiveness throughout project and service lifecycles.
• Service as primary point of contact representing IT with external audit, in partnership with internal audit.
• Drive training, education, and awareness across IT on governance processes, control requirements, and audit preparation best practices.
• Provide leadership and guidance to your team of IT Governance Analysts. Ensure effective communication, collaboration, and professional development. Foster collaboration and support professional development opportunities.
• Defines and maintains key performance indicators and compliance metrics to effectively communicate compliance to senior leadership.
• Seeks to automate processes & controls to reduce manual tasks and improve quality of audit evidence.
• Strategy development, resource management, and talent development, focusing on innovation, value delivery, and operational excellence to drive growth, efficiency, and resilience in partnership with business units.

Qualifications

• Bachelor’s degree and/or equivalent work experience noted below.
• 10+ years of progressive, relevant required. Background in IT Audit, IT Security, or IT Risk Management required.
• Strong leadership and team management skills, with the ability to influence and motivate cross-functional teams required.
• Excellent communication and stakeholder management skills, with the ability to effectively communicate technical concepts to both technical and non-technical audiences at all levels required.
• Expert level and proven experience with IT risk management, control frameworks (e.g., COBIT, ISO), and general control practices (SOX) required.
• Prior experience working with internal and external IT audit and remediating control deficiencies required.