BuzzFeed is hiring a Director, SOX IT General Controls in our NY, LA or MN offices to operationalize and mature the security risk management program.
This role will be heavily focused on managing ITGC requirements and communicating security risk across BuzzFeed, from internal operations to third-party vendors.
We’re looking for a self-motivated individual who thrives in fast-paced environments, can seamlessly drive efforts with multiple stakeholders to accomplish bold things, and who sees risk as something to manage pragmatically.
You should understand that it is really a matter of good business strategy to embrace SOX principles to strengthen the internal control environment.
The right candidate will drive the implementation of a robust and complete information technology internal controls program and have extensive Sarbanes-Oxley compliance and technology experience.
The ideal candidate will also have a proven track record of working within a high-growth organization and influencing and educating senior leaders on the concepts of information technology general and application controls.
You Will
Be responsible for all phases of BuzzFeed’s ongoing information technology internal controls program from planning through reporting.
Design/develop the relevant ITGC controls
Execute the coordination and implementation of SOX ITGC controls by partnering with control owners, Internal Audit and Risk teams, and external auditors
Collaborate with the control owners and stakeholders to resolve control deficiencies
Track execution of the ITGC project plan, reporting, training and communications.
Educate, evaluate and advise business partners on internal SOX ITGC risks, controls, and mitigation in a large, sophisticated and constantly evolving environment
Collaborate with the control owners and stakeholders to ensure that SOX ITGC risks and controls are appropriately considered, identified early and proactively handled in the project development lifecycle
Manage SOX-related impacts of changes to the business, such as new revenue streams and new system implementations
Develop and maintain an understanding of the internal control framework and processes to identify risks
Understand the ITGC structure of the systems and architecture
Develop relevant SOX ITGC documentation
Execute the quarterly and annual SOX ITGC processes
You Have
5+ years of experience working on security risk management
Previous experience in a cloud environment, preferably AWS and/or Azure
Deep understanding of the internal control framework (specifically COSO and COBIT) and a solid understanding of the concepts of control design and operational efficiency
Strong knowledge of SOX requirements and ability to assist with documentation of ITGC and financial process controls to support operational as well as SOX compliance audits, including performing walkthroughs and developing process flow charts
Strong risk management experience, including: performing assessments and audits, crafting controls, leading enterprise control frameworks, and prioritizing risk
Comfortable working with both deeply technical and non-technical audiences
Ability to develop relationships in a highly cross-functional environment and drive alignment across internal organizations
Highly responsive, with a customer-first mindset
Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)
The Technical Details
7+ years of relevant experience, including leading technical staff
5+ years of leading SOX ITGC teams
5+ years of experience with SOX compliance programs
Deep understanding of enterprise-grade Identity Provider solutions such as Okta
Expert-level knowledge of enterprise SaaS applications, including Financial Systems, HRIS, and Technology Platforms.
Previous experience at a technology or SaaS company in a similar role
Certifications such as, but not limited to, CISA, CISM, CISSP, CPA, CIA