IT SOX & Governance Director

About The Position

Requirements

• Bachelor’s degree in Information Technology, Information Systems, Accounting, Finance, or related field
• 10+ years of IT audit, SOX compliance, IT governance, or risk management experience
• Strong understanding of SOX 404, ITGC frameworks, and audit methodologies
• Experience working with internal/external auditors and leading SOX programs
• Proven ability to lead teams and drive cross-functional initiatives

Nice To Haves

• Master’s degree or MBA
• Professional certifications such as CISA, CRISC, CGEIT, CISSP, or CPA
• Experience implementing or maturing IT governance frameworks (COBIT, NIST)
• Experience in complex, global, or publicly traded organizations

Responsibilities

• Lead the planning, execution, and management of the IT SOX program, including annual scoping, control design, testing, remediation, and reporting
• Ensure ITGC (IT General Controls), application controls, and automated controls meet regulatory and audit requirements
• Coordinate with internal and external auditors, providing documentation, walkthroughs, and evidence to support SOX audits
• Drive timely remediation of control gaps and deficiencies, partnering with IT and business teams
• Oversee the implementation of IT security and GRC policies, procedures, and standards
• Collaborate with teams across the organization to strengthen cybersecurity awareness and practices
• Ensure the organization complies with industry-specific security and data protection regulations
• Oversee the implementation and testing of security controls. Collaborate with internal and external auditors to demonstrate compliance
• Provide expert advice to senior leadership on GRC matters, including risk posture, strategic roadmaps, and necessary courses of action
• Develop, implement, and maintain IT governance frameworks aligned with COBIT, ITIL, NIST, and industry best practices
• Establish and enforce IT policies, standards, and procedures to ensure consistency and compliance
• Oversee IT risk assessments, including identification, scoring, monitoring, and mitigation of technology risks
• Partner with Security, Legal, Finance, and Internal Audit to align on governance and compliance priorities
• Provide strategic direction for IT risk, compliance, and governance initiatives across the organization
• Lead and mentor a team of governance, compliance, and audit professionals
• Present program updates, control status, and risks to senior leadership and audit committees
• Promote a culture of compliance, accountability, and risk awareness within the IT organization
• Develop and maintain KPIs, dashboards, and reporting mechanisms to track compliance and control performance
• Optimize processes through automation, tools, and continuous improvement practices
• Ensure third-party vendors and service providers meet compliance and control expectations