Director, IT SOX Audit

Job Description Primary Function of Position

The Director, IT Technical Audit – SOX owns the IT SOX compliance program and is accountable for the design, operation, effectiveness and continuous improvement of technology controls that support financial reporting. This role ensures that IT risks are identified, understood, and controlled within the technical platforms and operating processes.

This role requires a leader with deep IT SOX operational expertise in an SAP environment and strong understanding of enterprise systems and end‑to‑end business processes. The Director will develop trusted partnerships with technical and functional teams, internal audit and PWC teams, driving control improvements, automation, and standardization across the IT portfolio.

• Consistently efficient IT SOX audits with no late surprises.
• ITGC Controls that reflect how systems and processes really work.
• Increased reliance on automated controls over time.
• Strong credibility with technical IT teams and internal and external auditors.
• A disciplined, respected team that owns outcomes.

• Own IT SOX end-to-end, including planning, scoping, risk assessment, testing, remediation, and reporting.
• Partner with Finance, Internal Audit, IT Control owners, and PWC on scoping and executing the SOX audit strategy.
• Maintain complete, accurate, and audit‑ready documentation for all in‑scope systems and controls.
• Define and execute a clear roadmap to scale and mature IT SOX as systems, integrations, and automation increase.

• Design, operate, and continuously improve IT General Controls (ITGCs) and IT Application Controls (ITACs).
• Enforce effective controls over user access and role design, segregation of duties, change management and deployments, interfaces, data flows, and system‑generated reports
• Increase reliance on automated, system‑enforced controls and reduce dependence on manual processes.
• Assess SDLC, Dev Ops, and CI/CD controls to confirm changes are controlled, traceable, and auditable.
• Evaluate controls in the context of how systems and business processes operate, assessing controls are appropriate given real system configurations, data dependencies, and transaction flows.
• Partner directly with system owners and process leaders to understand operational realities.
• Apply judgment to delineate control risk from acceptable operational variation.

• Lead IT audit planning and coordinate testing across IT, Security, Engineering, and Finance.
• Serve as the primary point of contact for external auditors on all IT SOX matters.
• Ensure audit evidence is complete, clear, timely, and supports reliance.
• Proactively manage audit issues and prevent last‑minute surprises.

• Own all IT control deficiencies from identification through sustained remediation.
• Perform root cause analysis and assess control severity and financial risk.
• Design remediation that permanently addresses the issue, not short‑term fixes.
• Validate remediation effectiveness and prevent recurrence through improved control design.

• Drive automation, analytics, and continuous monitoring to improve control quality and efficiency.
• Reduce manual testing through stronger automated controls and tooling.
• Rationalize and simplify controls without weakening risk coverage.
• Embed controls directly into systems and workflows where possible.

• Translate complex technical and audit topics into clear, direct language for leadership and business partners.
• Provide concise updates on SOX status, key risks, and remediation progress.
• Educate IT and system owners on SOX responsibilities and documentation expectations.
• Build strong, trusted relationships across IT, Engineering, Security, and Finance.