Job Description:
• Own and lead the enterprise ITGC strategy and operating model, in consultation with the Chief Accounting Officer and SOX Compliance function
• Develop, maintain, and continuously evolve the ITGC framework, including application controls, aligned to business growth and regulatory expectations.
• Establish governance and accountability for all ITGCs across IT, Engineering, and cloud platforms.
• Inventory all systems and tools that support financial reporting (either directly or indirectly) and define risk-based tiering and prioritisation.
• Drive implementation of IT general controls and application controls across the enterprise, system-by-system, based on the prioritised risk profile.
• Ensure high-quality documentation, testing readiness, and continuous improvement of IT control processes.
• Identify, assess, and proactively manage IT and technology-related SOX risks, ensuring appropriate preventive and detective controls are in place.
• Serve as the primary executive owner for internal and external IT audits, SOX reviews, and control assessments.
• Partner cross-functionally with Engineering, Product, Security, Finance, and Compliance to ensure integrated and scalable risk management
• Oversee the day-to-day effectiveness of ITGC operations, including access management, change control, batch processing, backup and recovery, logging, and cloud configuration controls for in-scope systems.
• Exercise authority to enforce ITGC requirements, including requiring remediation, escalating non-compliance, and pausing or blocking changes or releases that introduce SOX control risk.
• Embed ITGC requirements into CI/CD pipelines, infrastructure-as-code, cloud platforms, and automated access workflows to ensure controls are preventive, repeatable, and scalable.
• Own remediation strategy and execution for ITGC deficiencies, including prioritization, root-cause resolution, validation of fixes, and prevention of repeat findings.
• Maintain accountability for long-term control durability, ensuring controls remain effective as systems, platforms, and delivery models evolve.
• Build, mentor, and scale the ITGC function, including future team growth as the company scales.
Requirements:
• Bachelor’s degree in Information Technology, Computer Science, or a related field
• 12+ years of progressive experience in IT, internal audit, external audit, or risk management, with significant leadership experience; must have at least 3+ years of experience at a U.S. public company
• CGEIT, CISM, CISA, CRISC, CCEP, or equivalent certifications required
• Deep understanding of SOX 404, regulatory requirements, and industry standards; technology industry experience strongly preferred
• Strong command of internal control frameworks (COSO, COBIT) and enterprise risk assessment methodologies
• Proven experience leading IT audits, SOX programs, and control functions in complex technology environments
• Strong executive-level communication, analytical, problem-solving, and program management skills
• Demonstrated ability to influence senior leaders and enforce standards without direct authority
• Experience scaling controls in high-growth, cloud-native, CI/CD-driven organizations preferred
Benefits:
• Health insurance
• 401(k) matching
• Flexible work hours
• Paid time off
• Remote work options