Director, IT SOX & Internal Controls

Guardant Health, Palo Alto, CA
20h | Hybrid

About The Position

Guardant Health is a leading precision oncology company focused on guarding wellness and giving every person more time free from cancer. Founded in 2012, Guardant is transforming patient care and accelerating new cancer therapies by providing critical insights into what drives disease through its advanced blood and tissue tests, real-world data and AI analytics. Guardant tests help improve outcomes across all stages of care, including screening to find cancer early, monitoring for recurrence in early-stage cancer, and treatment selection for patients with advanced cancer. For more information, visit guardanthealth.com and follow the company on LinkedIn, X (Twitter) and Facebook.

Guardant Health is seeking a Director, IT SOX & Internal Controls to join our Global Internal Controls & SOX Compliance Team. This role is responsible for the organization’s IT SOX compliance, operational audit readiness, and technology risk management across the organization. The ideal candidate possesses extensive SOX and audit expertise, coupled with strong leadership and technical acumen. They should be able to comprehend system architecture, data flows, and leverage programming skills to enhance control automation and monitoring. This position collaborates cross-functionally with the CIO’s organization, Finance, and functional teams to ensure the organization meets SOX 404 compliance requirements, and controls are effective and sustainable in a rapidly scaling and technology-driven environment.

If you possess a bright mind, a friendly disposition, an insatiable curiosity for knowledge, perceive challenges as steppingstones to learning, are driven by the pursuit of novel experiences and obstacles, and derive immense satisfaction from collaborating with both humans and artificial intelligence, we would be delighted to engage in a conversation with you.
This is a hybrid work arrangement, with three days in our Palo Alto office and two days working remotely, reporting to our Head of Global Internal Controls and SOX Compliance. You're excited about this opportunity because you will…

Requirements

  • Bachelor’s degree (or equivalent experience) in Information Systems, or a related field. Master’s degree or CISA preferred.
  • 12+ overall years of hands-on audit experience in information technology, audit, SOX compliance, cloud applications, information security, networks, and infrastructure.
  • 5+ years of leadership experience in a fast-paced, global environment.
  • Strong project management and organizational skills with the ability to oversee complex programs.
  • Strong critical thinking mindset, analytical and problem-solving skills with exceptional attention to detail.
  • Outstanding communication and leadership skills to influence and collaborate at all levels.
  • Strong understanding of internal controls over financial reporting (ICOFR), COSO, COBIT, and NIST frameworks, and the ability to audit complex SDLC/Agile processes.
  • Cloud Infrastructure: Hands-on experience auditing AWS or Azure environments.
  • Solid programming or scripting skills (e.g., SQL, Python, PowerShell, or similar).
  • Systems: Experience with Oracle, Salesforce, Workday, and Lab systems (i.e., LabVantage)
  • Analytics & Automation: Proficiency with data analytics, AI & GRC tools (e.g., Tableau, AuditBoard).
  • Software Lifecycle: Deep familiarity with modern CI/CD pipelines & automated deployment controls.

Nice To Haves

  • Master’s degree or CISA preferred.

Responsibilities

  • IT SOX Program Leadership: Lead and manage the organization's end-to-end IT SOX compliance program for business processes, encompassing the following responsibilities: scoping, risk assessment, control design, testing, issue remediation, and management reporting.
  • Assess the design and operational effectiveness of IT General Controls (access management, change management, computer operations) and IT Application Controls (ITACs) throughout the company’s technology infrastructure, considering their end-to-end impact on financial reporting.
  • Drive IT controls rationalization initiatives to optimize the control environment and increase reliance on IT automated controls (ITACs).
  • Pioneer the use of AI and automation technologies to enhance control effectiveness, continuous monitoring, and risk detection.
  • Provide comprehensive and succinct reporting on the status of control health, emerging risks, and compliance roadmap aligned with organizational growth.
  • Remediation Oversight: Collaborate with process owners to develop complete remediation plans for control deficiencies, ensuring that the root causes are identified, validated, and scalable.
  • External Audit Management: Be the primary IT point of contact for external auditors, ensuring the seamless coordination of testing procedures and the timely implementation of remedial actions for identified deficiencies. Drive reliance strategy discussions and minimize duplication of testing.
  • Strategic Risk Advisory: Partner with IT Infrastructure & Operations, Business Applications, Software Engineering, and Security teams to provide proactive guidance on control design for new system implementations, cloud migrations, infrastructure changes and platform upgrades, and new product launches. Work with the Security team on identity management and third-party risk management.
  • Process Automation & Efficiencies: Drive efficiency by transitioning from traditional point-in-time testing to continuous monitoring using data analytics and automation tools. Identify emerging risks associated with SOX and IT GRC compliance, and their potential impact on business operations and system transformations. Maintain a broad understanding of audit guidelines and emerging technological risks.
  • Leadership & Management Reporting: Lead and develop team members, including coaching, performance management, and skill development. Cultivate cross-functional collaboration among teams without direct authority, while simultaneously promoting a robust internal control framework, fostering ownership and accountability. Translate technical IT and compliance risks into financial reporting controls and business impact. Collaborate with Finance leadership to ensure IT risks are appropriately reflected in management certifications and disclosures.