Director of Audit & Risk Management

About The Position

Requirements

• Bachelor’s degree in Accounting, Finance, Business Administration, Risk Management or a related field.
• Relevant certification such as CPA, CIA (Certified Internal Auditor), CRMA (Certification in Risk Management Assurance), or equivalent.
• Minimum of 8–12 years of progressively responsible experience in internal audit, risk-management, compliance or assurance roles—preferably within a complex global or multi-state nonprofit organization (or large corporate/multinational environment with nonprofit experience).
• Proven experience designing and implementing enterprise risk management frameworks and internal audit programs.
• Strong understanding of nonprofit accounting, regulatory environment (including 501(c)(3) issues, donor-compliance, grant or in-kind donation dynamics).
• Excellent analytical, conceptual thinking and problem-solving skills.
• Strong communicator: ability to articulate risk-and-control issues to executive leadership and Board in clear terms, with actionable recommendations.
• Demonstrated ability to lead and develop teams, build relationships across functions, and influence change.
• High integrity and commitment to ethical frameworks, transparency, and good governance.

Nice To Haves

• Master’s degree or professional certification preferred.
• Experience with supply-chain/logistics risk, disaster-recovery operations or product-philanthropy/charitable-goods distribution is a plus.

Responsibilities

• Develop and maintain an internal audit plan aligned with Good360’s strategic objectives, risk profile and operational footprint (including logistics, disaster-relief supply chains, product donations, nonprofit partner network).
• Lead and supervise audit engagements: financial audits, operational audits, compliance audits, information-technology and cybersecurity audits.
• Ensure timely reporting of audit findings, root-cause analysis, and follow-up on remediation plans.
• Coordinate with external auditors, regulatory auditors and other assurance providers; provide support for their work, assess their findings, and implement recommendations.
• Present audit reports, trends and risk-insights to senior leadership and the Audit & Risk Committee of the Board.
• Develop and maintain an enterprise risk management (ERM) framework: risk identification, risk assessment (likelihood/impact), risk monitoring, and risk-mitigation strategies.
• Partner with functional leads (finance, operations, logistics, IT, legal, compliance, disaster-response) to identify emerging risks (e.g., supply-chain disruptions, regulatory changes, disaster response liability, donation-compliance, reputational risks) and integrate risk mitigation into strategy and operations.
• Design and implement appropriate internal control frameworks (e.g., policies & procedures, segregation of duties, monitoring controls) to mitigate key risks in the organization.
• Monitor compliance with applicable laws, non-profit industry standards, donor restrictions, and internal policies (for example, guidelines for donated goods distribution, compliance best-practices).
• Develop or enhance risk-reporting dashboards, key risk indicators (KRIs) and risk appetite metrics for senior leadership and the Board.
• Serve as a trusted advisor to the CEO, CFO, senior management and the Board on governance, audit and risk-related matters.
• Lead or participate in enterprise initiatives (e.g., major system implementations, disaster-response logistics expansions, new program roll-outs) to ensure risks are evaluated and controls embedded proactively.
• Foster a strong compliance and risk-awareness culture across Good360 through training, communications and cross-functional engagement.
• Manage the internal audit & risk team: hire, develop, set goals, monitor performance and build capability.
• Ensure the organization is audit-ready—maintain documentation, processes, and tools to support efficient external and internal reviews.
• Develop metrics to measure the effectiveness of the audit and risk-management functions (e.g., closed audit findings rate, risk-mitigation effectiveness, control exceptions, trend-analysis).
• Conduct periodic reviews of the audit/risk function to benchmark against best practices in the nonprofit sector and identify improvement opportunities.
• Stay current on nonprofit governance, regulatory developments, risk-management best practices and assurance methodologies.

Benefits

• Heath, dental, and vision coverage programs (including competitive deductible and reimbursement policy)
• Short-term and long-term disability and life insurance coverage options
• 403B plan with matching
• Generous and flexible paid time off policy
• Volunteer time off policy
• Hybrid work environment