Senior Director Internal Audit and SOX

ForeFlightCentennial, CO
$200,000 - $245,000Hybrid

About The Position

We are scaling fast and building the financial infrastructure to match. Backed by Thoma Bravo, we are a high-growth SaaS company operating with the urgency of a startup and the financial rigor expected by a sophisticated institutional investor. Our private equity sponsors are active, numbers-driven, and expect a control environment that will hold up under the most demanding scrutiny. So do we. As our Senior Director of Internal Audit and SOX, you will build and lead the internal audit function from the ground up at a pivotal moment in our trajectory. We are on the path to an initial public offering or strategic exit, and the control environment you design, test, and operate will be the one that goes in front of the Securities and Exchange Commission, the Public Company Accounting Oversight Board, and our Big 4 external auditors. This is not an audit coordination role. You will own the risk assessment, write the audit plan, build the team, run the audits, remediate the findings, and report directly to the Audit Committee. You will partner with the Chief Accounting Officer, the Chief Financial Officer, and every function that touches financial reporting, information technology, and operations. If you have built an internal audit function inside a private equity-backed or pre-initial public offering company and understand what it takes to achieve Sarbanes-Oxley Section 404(b) compliance in an environment where the processes are still being built, we want to talk. Role located in Englewood, CO (Hybrid)

Requirements

  • Bachelor's degree in Accounting, Finance, or a related field.
  • 12 or more years of progressive internal audit, external audit, or risk and controls experience, including at least 4 years leading an internal audit or Sarbanes-Oxley function.
  • Deep, hands-on Sarbanes-Oxley Section 404 expertise, including scoping, control documentation, testing, deficiency classification, and external auditor coordination.
  • Experience building or operating an internal audit function inside a pre-initial public offering, private equity-backed, or recently public company.
  • Strong understanding of information technology general controls and the ability to audit and assess them without relying entirely on a technical specialist.
  • Demonstrated ability to present to and communicate with an Audit Committee or Board-level audience.
  • Track record of managing relationships with Big 4 external audit teams as the primary client-side owner of internal control over financial reporting matters.
  • Certified Public Accountant, Certified Internal Auditor, or both.

Nice To Haves

  • Big 4 public accounting background at the Manager level or above, with significant internal control over financial reporting or advisory experience.
  • Experience taking a company through a full Sarbanes-Oxley Section 404(b) first-year implementation and integrated audit.
  • Familiarity with SaaS-specific risk areas: revenue recognition under Accounting Standards Codification 606, commissions capitalization, deferred revenue, and usage-based billing.
  • Experience operating in a private equity-backed environment and familiarity with sponsor reporting cadences, covenant compliance, and Board package expectations.
  • Exposure to acquisition integration audits, opening balance sheet reviews, and purchase price allocation validation.
  • Familiarity with Oracle enterprise resource planning audit and information technology general controls testing in an Oracle environment.
  • Certified Information Systems Auditor designation or equivalent information technology audit experience.
  • Experience with Securities and Exchange Commission reporting readiness, including Management Discussion and Analysis support, disclosure controls assessment, and sub-certification processes.
  • Are comfortable telling a Vice President or a business unit leader that their control does not work and then helping them fix it.
  • Build audit programs that are thorough enough to stand up to external auditor scrutiny but practical enough that the business can actually execute them.
  • Find unresolved audit findings genuinely offensive and manage remediation with the same rigor you apply to fieldwork.
  • Know what audit-ready actually means at 11:00 PM the night before an external auditor walkthrough.
  • Can operate independently while keeping leadership and the Audit Committee appropriately informed without over-escalating.
  • Want to build a best-in-class internal audit function, not inherit one that is already finished.
  • Thrive in an environment where the processes are still being designed and your judgment matters more than the policy manual.

Responsibilities

  • Own the end-to-end Sarbanes-Oxley Section 404(b) readiness program, from scoping and risk assessment through control documentation, testing, deficiency evaluation, and remediation tracking.
  • Define the scope of the Sarbanes-Oxley program across all in-scope legal entities, processes, and information technology systems, and defend that scope to external auditors and the Audit Committee.
  • Build and maintain a complete internal control over financial reporting framework with documented control objectives, control descriptions, risk ratings, and testing evidence for every key control.
  • Design and operate walkthroughs, design effectiveness testing, and operating effectiveness testing across financial close and reporting, procure-to-pay, order-to-cash, treasury, payroll, and information technology general controls.
  • Evaluate control deficiencies against materiality thresholds, classify deficiencies as control deficiencies, significant deficiencies, or material weaknesses, and manage remediation plans to closure before the external audit window.
  • Serve as the primary internal liaison to the external audit team on internal control over financial reporting matters. Own the prepared by client list, manage fieldwork timelines, and ensure zero repeat findings.
  • Build the integrated audit model in which internal audit testing and external auditor reliance are coordinated to reduce total audit burden on the business.
  • Build and execute a risk-based annual internal audit plan approved by the Audit Committee, covering financial, operational, compliance, and information technology risks.
  • Conduct the enterprise risk assessment annually and update it dynamically as the business adds legal entities, products, geographies, or completes acquisitions.
  • Lead or supervise all internal audit engagements from planning through fieldwork, findings, management response, and final report issuance.
  • Audit high-risk areas including revenue recognition, commissions, procurement and vendor management, equity administration, treasury operations, and payroll.
  • Issue clear, actionable audit reports with findings rated by severity, root cause identified, and management response and remediation timeline documented.
  • Track open audit findings and remediation commitments to closure. Escalate overdue or unresolved items to the Chief Accounting Officer and Audit Committee.
  • Maintain the internal audit charter and ensure the function operates in accordance with the Institute of Internal Auditors International Professional Practices Framework.
  • Own the information technology general controls program across all in-scope systems, including Oracle enterprise resource planning, Coupa, Navan, Salesforce, and any other financially significant applications.
  • Test and document information technology general controls covering logical access, user provisioning and deprovisioning, segregation of duties enforcement, change management, and batch job monitoring.
  • Partner with the Systems and Information Technology teams on access reviews, privilege management, and change control discipline. Escalate segregation of duties violations and unresolved access exceptions.
  • Audit information technology and cybersecurity controls as part of the annual audit plan, covering disaster recovery, backup integrity, vendor access, and data integrity.
  • Support the Systems team in designing compensating controls where segregation of duties cannot be achieved through system configuration alone.
  • Own the fraud risk assessment and ensure fraud risk considerations are incorporated into the Sarbanes-Oxley scoping, audit plan, and control design.
  • Design and operate anti-fraud controls covering vendor payments, expense reimbursement, payroll, and financial close journal entries.
  • Conduct or oversee sensitive investigations involving potential fraud, ethics violations, or policy breaches, in coordination with Legal and Human Resources.
  • Maintain and promote the company's ethics reporting mechanism and ensure employees understand how to raise concerns.
  • Prepare and present quarterly reports to the Audit Committee covering the Sarbanes-Oxley program status, internal audit results, open findings, risk assessment updates, and emerging risks.
  • Maintain a direct, independent reporting line to the Audit Committee Chair on matters of significance that require escalation outside of management.
  • Partner with the Chief Accounting Officer and Chief Financial Officer on audit committee meeting preparation, including agenda, materials, and pre-meeting briefings.
  • Communicate audit results and control gaps to business owners and senior leadership in a manner that drives accountability without creating unnecessary alarm.
  • Lead internal audit and Sarbanes-Oxley integration activities for add-on acquisitions, including pre-close control gap assessment, opening balance sheet review support, and rapid integration into the consolidated control framework.
  • Support quality of earnings and financial due diligence processes in partnership with the Chief Accounting Officer and Chief Financial Officer on potential acquisitions.
  • Partner with Legal, Finance, and Operations on compliance initiatives, policy development, and process improvement projects where an independent audit perspective adds value.
  • Build and lead an internal audit team of 3 to 6 professionals across audit, Sarbanes-Oxley testing, and information technology audit, with the expectation that the team grows as the company scales.
  • Define team structure, roles, and responsibilities. Determine the appropriate mix of internal headcount and co-source support from a third-party audit firm.
  • Manage the co-source relationship with the external internal audit firm, including scope, quality, and budget.
  • Set clear performance expectations, provide direct and timely feedback, and develop your team into skilled audit professionals.
  • Create career development plans and ensure your team has the access, training, and tools to do their work without unnecessary friction.

Benefits

  • Medical, dental, vision insurance with Employer paid health premiums
  • Open PTO Policy
  • 401(k) with up to 10% company matching and immediate vesting
  • 12 Weeks Paid Parent Leave
  • Flight Training Rewards
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service