Director of ITGC/SOX

BuzzFeed is hiring a Director, SOX IT General Controls in our NY, LA or MN offices to operationalize and mature the security risk management program.

This role will be heavily focused on managing ITGC requirements and communicating security risk across BuzzFeed, from internal operations to third-party vendors.

We’re looking for a self-motivated individual who thrives in fast-paced environments, can seamlessly drive efforts with multiple stakeholders to accomplish bold things, and who sees risk as something to manage pragmatically.

You should understand that it is really a matter of good business strategy to embrace SOX principles to strengthen the internal control environment.

The right candidate will drive the implementation of a robust and complete information technology internal controls program and have extensive Sarbanes-Oxley compliance and technology experience.

The ideal candidate will also have a proven track record of working within a high-growth organization and influencing and educating senior leaders on the concepts of information technology general and application controls.

You Will 

Be responsible for all phases of BuzzFeed’s ongoing information technology internal controls program from planning through reporting.

Design/develop the relevant ITGC controls

Execute the coordination and implementation of SOX ITGC controls by partnering with control owners, Internal Audit and Risk teams, and external auditors

Collaborate with the control owners and stakeholders to resolve control deficiencies

Track execution of the ITGC project plan, reporting, training and communications.

Educate, evaluate and advise business partners on internal SOX ITGC risks, controls, and mitigation in a large, sophisticated and constantly evolving environment

Collaborate with the control owners and stakeholders to ensure that SOX ITGC risks and controls are appropriately considered, identified early and proactively handled in the project development lifecycle

Manage SOX related impacts of changes to the business, such as new revenue streams and new system implementations

Develop and maintain an understanding of the internal control framework and processes to identify risks

Understand the ITGC structure of the systems and architecture

Develop relevant SOX ITGC documentation

Execute the quarterly and annual SOX ITGC processes

You Have

5+ years of experience working on security risk management

Previous experience in a cloud environment, preferably AWS and/or Azure

Deep understanding of the internal control framework (specifically COSO and COBIT) and a solid understanding of the concepts of control design and operational efficiency

Strong knowledge of SOX requirements and ability to assist with documentation of ITGC and financial process controls to support operational as well as SOX compliance audits, including performing walkthroughs and developing process flow charts

Strong risk management experience, including: performing assessments and audits, crafting controls, leading enterprise control frameworks, and prioritizing risk

Comfortable working with both deeply technical and non-technical audiences

Develop relationships in a highly cross functional environment and drive alignment across internal organizations

Highly responsive and have a customer first mindset

Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)

The Technical Details

7+ years of relevant experience, including leading technical staff

5+ years of leading SOX ITGC teams

5+ years of experience with SOX compliance programs

Deep understanding of enterprise-grade Identity Provider solutions such as Okta

Expert-level knowledge of enterprise SaaS applications, including Financial Systems, HRIS, and Technology Platforms.

Previous experience at a technology or SaaS company in similar role

Certifications, such as, but not limited to CISA, CISM, CISSP, CPA, CIA

Related Post

Property ManagerProperty Manager

Tripalink, founded in 2016, is a product-and community-focused residential co-living company with a unique and integrated business model being a property operator and a real estate developer. Tripalink has entered