Director, IT Internal Controls & Risk Compliance

McGraw Hill LLC.
$124,000 - $165,000
Remote

About The Position

At McGraw Hill, we are dedicated to delivering digital learning experiences that transform education for learners and educators. Our focus is on creating seamless, impactful products that truly benefit our users while supporting growth and collaboration across teams. We foster a culture that values innovation, teamwork, and a balance between career growth and personal well-being.

How can you make an impact? The Director, IT Internal Controls & Risk Compliance for the Digital Enterprise Solutions (DES) organization leads the company’s Sarbanes-Oxley (SOX) compliance implementation and establishes a scalable and sustainable IT control and governance framework appropriate for our dynamic environment. This role serves as the primary IT lead for SOX compliance, partnering with DES leadership, Finance, Internal Audit, and External Audit to design, document, test, remediate, and standardize controls across a complex landscape including McGraw Hill’s digital products, Oracle ERP, data and analytics environment, and multiple in-scope financial and operational applications. The ideal candidate leverages deep IT audit experience, strong technical understanding of complex multi-system environments, and exceptional leadership skills to drive compliance and mature our IT governance program, evolving beyond initial SOX implementation into broader risk management leadership.

This is a remote position open to applicants authorized to work for any employer within the United States.

Requirements

  • 7+ years of progressive experience in IT audit, IT risk management, or SOX compliance within a complex corporate environment.
  • Proven track record in planning and executing internal, SOX (Business & IT), operational, and IT audits
  • Advanced understanding of internal control frameworks and risk assessment methodology
  • Exceptional leadership, communication, problem-solving, critical thinking, and stakeholder management capabilities
  • Ability to coach and guide control owners; demonstrated ability to build consensus and work across a matrixed organization.

Nice To Haves

  • Experience supporting SOX implementations or major control transformations preferred
  • Experience working with PCAOB‑regulated auditors
  • Familiarity with audit management tools
  • Big 4 or equivalent public‑company experience preferred

Responsibilities

  • Audit Execution and Risk Assessment: Plan and develop audit scope for complex assessments including SOX and SOC2 audits; participate in end-to-end engagements from planning through risk assessment, execution, reporting, issue validation, and follow-up; apply a robust understanding of business and IT risks and how controls address these risks. Provide advisory support to Internal Audit on operational or non‑SOX IT audits as needed.
  • Internal Controls & Remediation: Provide guidance to control owners on designing and implementing effective controls, ensure timely remediation of deficiencies, recommend improvements; design and implement controls for new entities and evolving business processes; support SOX readiness initiatives and system implementations to embed business, IT, and automated controls appropriately.
  • SOX and Compliance Expertise: Apply strong knowledge of SOX requirements, internal control frameworks (COSO, COBIT, NIST), and risk assessment principles to identify control gaps, assess risks, and recommend practical, business-focused solutions; effectively communicate SOX control concepts, audit findings, and remediation expectations to process owners and management, including senior leadership
  • IT Controls Implementation & Sustainment: Lead evaluation and implementation of IT General Controls—including user access provisioning/deprovisioning and periodic reviews, segregation of duties considerations, change management and release controls, and operations controls (interfaces, batch processing, backups, monitoring); assess and document controls across complex application landscapes such as digital products, Oracle ERP, legacy/custom, and SaaS; maintain comprehensive risk & control matrices, narratives, and system architecture documentation; partner with Finance and other stakeholders to identify IT-dependent controls and support audit walkthroughs and testing.
  • Program Development & Sustainability: Participate in the building of an enterprise IT risk and compliance program beyond initial SOX implementation; maintain an inventory of in-scope applications, infrastructure, and related risks; align IT risk management with enterprise and DES risk initiatives; support development of IT policies and standards, and the creation of metrics for executive, Committee, and Audit reporting; integrate recognized governance frameworks and establish sustainable compliance monitoring processes.
  • Collaboration & Coordination: Coordinate audit activities with external auditors to maximize efficiency, leverage work performed, and minimize disruption to the business; build strong relationships across DES, IT, Finance, Internal Audit, and business partners; collaborate effectively to partner across functions and stakeholders.

Benefits

  • The pay range for this position is between $124,000 - $165,000 annually.
  • An annual bonus plan may be provided as part of the compensation package, in addition to a full range of medical and/or other benefits, depending on the position offered.

What This Job Offers

Job Type

Full-time

Career Level

Director

Education Level

No Education Listed

Number of Employees

501-1,000 employees

© 2024 Teal Labs, Inc