Director – IT SOX

Role Overview: The IT SOX Director is responsible for the end‑to‑end ownership of the SOX compliance program, covering IT General Controls (ITGCs), IT Application Controls (ITACs), automated controls, and Business / Financial Reporting SOX. This role partners closely with Information Security, IT, and Finance to ensure effective control design, testing, remediation, and continuous improvement in support of SOX Sections 302 and 404. Key Responsibilities: IT SOX Program Leadership Strategy: Own and lead the end‑to‑end IT and Financial Reporting SOX program, ensuring effective design, operating effectiveness, remediation, and continuous improvement. Oversee SOX compliance for: IT General Controls (ITGCs), IT application controls, and automated controls across existing and new systems supporting financial reporting. Lead financial reporting risk assessments to determine SOX scope for new or changed business processes Risk Assessment, Scoping Control Design Lead annual and ongoing IT risk assessments to determine SOX scope for existing systems, new applications, platforms and technology changes Lead annual and ongoing risk assessments to determine SOX scope for existing and new financial reporting process; Manage the review of design and operating effectiveness of the process SOX Testing Oversight Issue Management: Oversee the design and operating effectiveness reviews of: ITGCs and ITACs across scoped systems and platforms Business and financial reporting controls across in‑scope processes Direct and guide the team through all phases of SOX testing, including planning, walkthroughs, testing, review, and reporting. Perform quality reviews of testing results to ensure accuracy, completeness, and audit readiness, and drive timely completion of in‑house SOX testing. Prepare IT and business process owners for external SOX audits, walkthroughs, and inquiries. Review SOC 1 Type II reports, assess control implications, and coordinate discussions with relevant process owners including Complementary User Entity Controls. Support identification, evaluation, and remediation of SOX deficiencies in partnership with stakeholders. Audit Stakeholder Management Coordinate and support external auditor requests, including walkthroughs, evidence submission, and issue resolution. Build strong working relationships with IT, Engineering, Information Security, and Finance Controllers to ensure smooth SOX execution. Process Improvement, Automation Transformation Identify and implement opportunities to automate IT and SOX controls, reduce manual effort, and increase auditor reliance. Drive standardization and quality of SOX documentation, including process flows, Risk Control Matrices (RCMs), system diagrams, and role matrices. Promote continuous improvement through effective use of SOX tools, GRC platforms, AI tools, and data analytics. Team Leadership Talent Development Lead, coach, and mentor the in‑house SOX team, fostering technical excellence and accountability. Set clear performance expectations, review work quality, and develop a high‑performing compliance culture. Support capability building and succession planning within the SOX function. Regulatory Industry Awareness Stay current with SOX, PCAOB, COSO, and IT risk management standards, including emerging focus areas (eg: AI) Monitor regulatory developments and proactively adapt the SOX program to meet changing expectations Skills required: Strong working knowledge of ITGC, ITAC, Key data reporting testing and financial reporting SOX Ability to interpret and leverage SOC 1 / SOC 2 reports, including evaluation of CUECs and sub‑service organizations Strong working knowledge on SOX scoping for IT applications/platforms and financial reporting process Strong understanding of COSO Internal Control Framework and alignment of IT controls to financial reporting risks Solid understanding of IT environments including ERP systems, cloud platforms, dev Ops, change pipel ... (truncated, view full listing at source)