Director, SOX & Governance

BILL•San Jose, CA

About The Position

The Director of SOX and Internal Control over Financial Reporting is a strategic and highly visible leadership role responsible for the end-to-end design, implementation, and execution of the company's Sarbanes-Oxley (SOX) Section 404 compliance program. This role ensures the company maintains a robust and efficient internal control environment over financial reporting (ICFR) to safeguard company assets, prevent material misstatements, and support the CEO/CFO's annual certifications.

Requirements

Education: Bachelor's degree in Accounting, Finance, or a related field.
Big 4 Requirement: Minimum of 5+ years of experience in a Big 4 accounting firm (Audit or Risk Advisory), specifically focused on SOX 404 audits and ICFR for large accelerated filers.
Experience: Minimum 10+ years of progressive experience in SOX compliance, Internal Audit, or financial controls, with significant experience managing a global SOX program for a publicly traded company.
Technical Skills: Deep knowledge of SOX Section 404 requirements, the COSO Framework, and PCAOB auditing standards.
Proven expertise in assessing and managing IT General Controls (ITGCs) and finance transformation.
Leadership: Demonstrated ability to lead cross-functional initiatives, manage and develop staff, and communicate complex control issues clearly and concisely to non-financial executives and external auditors.

Nice To Haves

Certification: Active Certified Public Accountant (CPA) or Certified Internal Auditor (CIA) is strongly preferred. CISA is a plus.

Responsibilities

SOX Strategy and Leadership Program Ownership: Own and lead the company's annual SOX compliance lifecycle, including planning, scoping, documentation, testing, remediation, and final management reporting.
Risk Assessment and Scoping: Direct the annual financial risk assessment to identify significant accounts, relevant assertions, and key controls. Adjust the SOX scope proactively to address organizational changes, system implementations, and acquisitions.
Audit Coordination: Serve as the primary point of contact and liaison between management, control owners, Internal Audit, and the External Auditors for all SOX-related matters to ensure a co-ordinated, efficient, and cost-effective audit process.
Executive Reporting: Prepare and present quarterly SOX status reports, control deficiency summaries, and remediation progress updates to Senior Management.
Control Design: Evaluate the design and operating effectiveness of both business process controls (e.g., Revenue, Procurement, Treasury) and IT General Controls (ITGCs) and application controls.
Deficiency Management: Manage the process for evaluating, assessing the severity (e.g., deficiency vs. material weakness), and tracking the timely remediation of all control gaps.
Control Optimization: Drive a continuous improvement mindset, identifying opportunities for control rationalization, process streamlining, and the adoption of automation (e.g., leveraging GRC tools, automated controls) to enhance compliance efficiency.
Technical Expertise: Serve as the internal subject matter expert on all SOX-related regulations (SEC, PCAOB) and control frameworks (COSO).
Process Owner Engagement: Partner closely with process and control owners across Finance, IT, and Operations to provide guidance, deliver training, and ensure control responsibilities are clearly understood and executed effectively.
Change Management: Proactively assess and manage the SOX impact of new financial systems (e.g., ERP implementations), significant process changes, and digital transformation initiatives.
Training and Culture: Develop and deliver SOX training programs to elevate the organization's overall understanding and commitment to internal controls.
Policy Architecture: Spearhead the development, maintenance, and periodic review of global accounting and operational policies to ensure they remain aligned with evolving regulatory standards and business scale.
Standardization: Drive the harmonization of processes across different business units to ensure a unified "single source of truth" for compliance and governance reporting.