Associate Director, IT SOX Compliance

Role Summary

Associate Director, IT SOX Compliance responsible for ensuring the integrity, security, and compliance of critical IT systems and data supporting financial operations. Proactively assess, implement, and improve IT SOX compliance framework; monitor IT risks related to financial reporting; serve as a trusted business partner across Finance, IT, and audit partners. Reports to the Senior Director, Finance. On-site presence required at least three days per week in New York City.

Responsibilities

• Own and manage the design, implementation, and testing of IT General Controls in support of the SOX compliance framework.
• Develop, implement, improve and maintain the IT SOX compliance framework across existing and new systems.
• Document risks of control design gaps or operational audit findings and identify areas for process improvements.
• Prepare narratives, flowcharts, and risk assessment matrices to document control processes, identify risks, and mitigate controls.
• Manage compliance over System and Organization Controls audits in support of the annual audit plan.
• Collaborate with internal and external audit partners, lead IT walkthroughs, and provide necessary documentation and evidence for IT SOX audits and other assessments.
• Establish and manage IT SOX compliance policies, procedures, and standards to ensure consistent application of controls and best practices.
• Prepare IT SOX compliance observations and communicate audit findings to management with recommendations for improvement.

Qualifications

• Bachelor's or Master's degree in Information Technology, Computer Science, Accounting, Finance, or related field; relevant IT SOX certifications are a plus.
• 7+ years of experience in Process and Information Technology auditing, focused on IT SOX and IT General Controls.
• Proficiency in assessing IT general controls, IT application controls, key reports, and SOC reports.
• Ability to work on site Monday, Tuesday, and Thursday; no fully remote roles.

Experience and Knowledge

• Strong understanding of IT control frameworks for IT SOX compliance, with emphasis on COSO.
• Experience with Governance, Risk and Compliance tools used to manage risk and compliance programs in IT SOX context.
• Excellent oral, written, and presentation skills; able to communicate compliance concepts to technical and non-technical audiences.
• Proven ability to lead cross-functional initiatives and influence stakeholders at all levels.
• Problem-solving mindset with a proactive, analytical approach.
• Strong planning, organization, attention to detail, execution, and follow-through.

Education

• Not explicitly required beyond degree in listed fields; professional certifications related to IT SOX are a plus.