Director, IT SOX Compliance

Gap Inc., San Francisco, CA

About The Position

The Director, IT SOX Compliance is responsible for the strategic leadership, execution, and continuous enhancement of the Company’s IT SOX compliance program, ensuring a robust internal control environment over financial reporting. This role serves as a key enterprise partner, collaborating closely with IT, Engineering, Finance, Controllership, Internal Audit, and external auditors to design, document, assess, and strengthen IT controls across all in-scope systems and processes. The ideal candidate is a seasoned IT SOX leader with deep expertise in IT general controls (ITGCs), application controls, audit coordination, and complex control remediation. This individual brings strong program governance, risk-based decision-making, and executive-level stakeholder management capabilities, enabling effective oversight of compliance initiatives while driving consistency, scalability, and continuous improvement across the organization.

Requirements

  • 8+ years of relevant experience in IT Audit, IT SOX compliance, Information Security, or IT Risk Management, preferably within the tech industry or a Big 4 public accounting firm.
  • 5+ years of experience leading, mentoring, and building high-performing compliance or audit teams.
  • Deep understanding of modern IT operations, including cloud security architectures (AWS, Azure, GCP), DevOps practices, agile change management, and complex logical access management.
  • Proven experience evaluating large-scale system implementations, Infrastructure as Code (IaC), and workflow orchestration.
  • Hands-on experience implementing and managing GRC platforms (e.g., AuditBoard, LogicGate, MetricStream, Archer, ServiceNow).
  • Strong quantitative and problem-solving skills with a proven track record of utilizing data analytics and automating manual compliance processes.
  • Exceptional ability to translate complex technical and regulatory specifications to non-technical personnel and executive leadership.

Responsibilities

  • Lead and drive the strategy, implementation, and continuous maintenance of our IT SOX compliance program end-to-end for the enterprise.
  • Oversee the annual IT risk assessment and scoping process to ensure alignment with financial reporting risks.
  • Oversee the design and effectiveness of IT General Controls (ITGCs) and key IT application controls (ITACs), including access management, privileged access, segregation of duties, change management, computer operations, interfaces, and key reports/IPE.
  • Partner with Internal Audit and external auditors to coordinate requests, walkthroughs, testing, and timely resolution of control issues.
  • Maintain high-quality SOX documentation, including risk and control matrices, narratives, flowcharts, and control evidence.
  • Drive control deficiency remediation by partnering with control owners on root cause analysis, action plans, and retesting readiness.
  • Support system design, upgrades, and major technology changes to ensure SOX requirements are built into processes and controls.
  • Review third-party assurance reports (e.g., SOC 1) and assess vendor controls that may impact financial reporting.
  • Deliver training and guidance to control owners and stakeholders on SOX expectations, documentation standards, and audit readiness.
  • Develop and inspire others while fostering a one-team culture that models full ownership of delivery and expected outcomes.
  • Identify opportunities to improve the efficiency and scalability of the SOX program through automation, metrics, and GRC tools.
  • Communicate technical and regulatory specifications and requirements to non-technical personnel in a clear and understandable manner.

What This Job Offers

Job Type

Full-time

Career Level

Director

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees
