The Director IT SOX Compliance will provide strategic leadership and expert oversight of IT controls and compliance under the Sarbanes-Oxley Act (SOX). This role will drive the assessment, design, implementation, and continuous monitoring of IT General Controls (ITGCs), conduct SOX 404 testing, and ensure rigorous adherence to regulatory requirements. The ideal candidate will bring exceptional leadership capabilities, advanced technical proficiency, and deep expertise in IT SOX compliance and will partner closely with IT, Finance, Internal Audit, and External Audit teams.

1. Lead the Annual SOX IT Compliance Program
• Develop, execute, and oversee the annual SOX IT compliance plan, including scoping, testing, remediation, and reporting.
• Ensure coverage includes technology infrastructure and key business applications impacting financial reporting (Revenue systems, payroll systems, Active Directory, in-scope reporting tools).
• Provide expert guidance on the identification, evaluation, and mitigation of IT risks related to financial reporting.
• Drive the maturity of the IT SOX program through continuous process improvement, automation, and the adoption of industry best practices (e.g., COBIT, COSO)
2. IT General Controls (ITGC) Oversight
• Maintain proactive ownership of ITGCs for all in-scope systems.
• Develop a working knowledge of all in-scope systems and their impact on financial reporting.
• Collaborate with process and system owners to evaluate, strengthen, and optimize control structures.
• Oversee testing, remediation, and documentation of control effectiveness.
• Identify opportunities for process improvements and risk mitigation.
3. Vendor & Third-Party Risk Management
• Manage SOX scoping for vendor-managed in-scope applications.
• Review SOC 1 reports, assess deficiencies, and ensure appropriate complementary user entity controls (CUECs) are in place.
• Ensure vendors meet company compliance and reporting standards.
4. Audit Coordination
• Act as the primary IT liaison for internal and external auditors.
• Facilitate communications between IT, Finance, and business functions to ensure audit readiness.
• Drive timelines for audit activities and ensure completeness and accuracy of provided documentation.
5. Change & Impact Assessment
• Monitor business and IT system changes to assess potential impacts on ITGCs.
• Proactively address risks from new technologies, system upgrades, or process changes.
6. Governance & Documentation
• Ensure SOX-related IT procedures are properly documented to minimize rework and reduce audit findings.
• Partner with IT teams to create process flowcharts, policies, and control documentation where gaps exist.
• Provide regular, high-level reports on the IT SOX compliance status and risk posture to executive leadership.

Experience - 12 -15 years of experience

Skills and Abilities

---12 to 15+ years of experience in IT SOX compliance, IT audits, or IT risk management.
-- Strong knowledge of SOX 404, IT General Controls (ITGCs), COBIT, NIST, COSO, and ISO 27001.
-- Experience with SAP, Oracle, Workday, and cloud security (AWS, Azure, GCP) controls.
-- Expertise in automated SOX testing tools and GRC platforms (e.g., ServiceNow GRC, AuditBoard).
-- Prior experience working with public companies or Big 4 audit firms (Deloitte, PwC, EY, KPMG) is a plus.
-- Strong understanding of IT risk, compliance, and cybersecurity.
-- Strong analytical and problem-solving skills with attention to detail.
-- Expertise in IT change management, access controls, operations management, and data security.
-- Excellent project management and leadership skills.
-- Demonstrated ability to lead, influence, and collaborate effectively with cross-functional teams, including senior management, auditors, and business leaders

Reporting Time - 9:00 am-6:00 pm (EST)