Key skills
AWSAzureCloudGoogle Cloud PlatformServiceNowAnalyticsGCPGoogle CloudAgileLeadershipRisk ManagementMentoringChange ManagementCloud Security
About this role
Role Overview
- Lead and drive the strategy, implementation, and continuous maintenance of our IT SOX compliance program end-to-end for the enterprise
- Oversee the annual IT risk assessment and scoping process to ensure alignment with financial reporting risks
- Oversee the design and effectiveness of IT General Controls (ITGCs) and key IT application controls (ITACs), including access management, privileged access, segregation of duties, change management, computer operations, interfaces, and key reports/IPE
- Partner with Internal Audit and external auditors to coordinate requests, walkthroughs, testing, and timely resolution of control issues
- Maintain high-quality SOX documentation, including risk and control matrices, narratives, flowcharts, and control evidence
- Drive control deficiency remediation by partnering with control owners on root cause analysis, action plans, and retesting readiness
- Support system design, upgrades, and major technology changes to ensure SOX requirements are built into processes and controls
- Review third-party assurance reports (e.g., SOC 1) and assess vendor controls that may impact financial reporting
- Deliver training and guidance to control owners and stakeholders on SOX expectations, documentation standards, and audit readiness
- Develop and inspire others while fostering a culture of one team modeling full ownership to delivery and outcomes expected
- Identify opportunities to improve the efficiency and scalability of the SOX program through automation, metrics, and GRC tools
- Communicate technical and regulatory specifications and requirements to non-technical personnel in a clear and understandable manner.
Requirements
- 8+ years of relevant experience in IT Audit, IT SOX compliance, Information Security, or IT Risk Management
- 5+ years of experience leading, mentoring, and building high-performing compliance or audit teams
- Deep understanding of modern IT operations, including cloud security architectures (AWS, Azure, GCP), DevOps practices, agile change management, and complex logical access management
- Proven experience evaluating large-scale system implementations, Infrastructure as Code (IaC), and workflow orchestration
- Hands-on experience implementing and managing GRC platforms (e.g., AuditBoard, LogicGate, MetricStream, Archer, ServiceNow)
- Strong quantitative and problem-solving skills with a proven track record of utilizing data analytics and automating manual compliance processes
- Exceptional ability to translate complex technical and regulatory specifications to non-technical personnel and executive leadership.
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- ServiceNow
Benefits
- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development
- Bonuses
- Stock options