Lead, Risk & Internal Audit

The Risk & Internal Audit team is hiring a Sarbanes-Oxley (SOX) Audit Lead to strengthen our SOX compliance program across both financial and technology controls. This individual contributor role reports to the Senior Lead, Finance.
You'll own assigned process areas (roughly 75% business process, 25% IT general controls) coordinating walkthroughs with control owners, maintaining process documentation, and tracking remediation to closure.
Beyond execution, you'll advise control owners on design and operation, and help scale the program as the business grows. We're looking for someone who will use AI, automation, and data analytics to reduce manual work, strengthen controls, and surface meaningful insights.
WHAT YOU’LL DO:
- Lead the annual SOX 404 program assessment end-to-end: planning, execution, testing, and reporting.
- Serve as the SOX subject matter expert for your assigned processes, including advising on control changes as systems and processes evolve.
- Develop and maintain process narratives, flowcharts, and risk and control matrices.
- Support the annual SOX risk assessment by evaluating process risks and control coverage, and update scoping as the business changes.
- Translate findings from control testing and process reviews into recommendations on control design, process efficiency, and risk mitigation.
- Coordinate with cross-functional teams, external auditors, and third-party consultants to keep audit cycles on schedule.
WHAT YOU BRING TO THE TEAM:
- SOX and internal audit experience: 6+ years auditing internal controls in a SOX or similar compliance environment, covering both financial and IT controls, including risk assessment and root cause analysis. Technology or ecommerce experience is a plus.
- Knowledge of control frameworks: working knowledge of SOX requirements and internal control frameworks, including the Committee of Sponsoring Organizations of the Treadway Commission (COSO) for financial controls and Control Objectives for Information and Related Technologies (COBIT) for IT controls.
- Process documentation: ability to produce clear narratives, flowcharts, and risk and control matrices that hold up under external auditor review.
- Relevant professional certification: an audit-related certification (CPA, CIA, CISA) or actively working towards one.
- Strategic judgment and leadership: ability to assess risk, manage multiple concurrent process areas, and advise senior stakeholders on practical control design.
- Analytical and communication skills: analytical thinking and problem-solving, clear written and verbal communication, with the analytical rigor and attention to detail this work requires.
- Adaptability and collaboration: comfort in a fully remote, fast-paced environment; working independently, collaborating across functions, and operating under ambiguity.