Director, SOX Compliance-Business & IT Controls (HYBRID-Richmond, VA)

Position Description

The Director SOX Compliance Business & IT Controls is responsible for overseeing the design execution and continuous improvement of the enterprise-wide Sarbanes-Oxley (SOX) compliance program across business processes and IT controls. This role ensures that internal controls over financial reporting (ICFR) are designed effectively and operating as intended in alignment with Committee of Sponsoring Organizations of the Treadway Commission (COSO) and Control Objectives for Information and Related Technologies (COBIT) frameworks. As the SOX compliance leader the role partners closely with IT Finance Operations Internal Audit and external auditors to ensure the integrity of financial reporting and compliance with regulatory requirements. The Director will also play a key role in shaping the organizations control environment in alignment with evolving technology and business needs.

Position Accountabilities

1. Program Oversight

• Lead the enterprise-wide SOX compliance program covering both business process controls (BPCs) and IT general controls (ITGCs) that aligns with best practices and regulatory requirements.
• Lead the SOX compliance programs annual scoping risk assessments control testing control rationalization and remediation as required.
• Ensure the ITGC framework aligns with COSO and COBIT standards.
• Lead and mentor a team of professionals fostering a high-performance culture.
• Develop and maintain documentation for Business process and IT controls including narratives flowcharts and risk/control matrices ensuring consistency across processes and businesses.
• Own and maintain the SOX Compliance program Governance Risk and Compliance (GRC) platform.

1. Business Process Controls Management

• Collaborate with Finance Business and Operations as well as first second and third lines of defense teams to ensure key business process controls are designed effectively.
• Provide thought leadership on the development and implementation of effective business process controls.
• Manage the Finance organizations first line of defense activities in coordination with the 1FLOD team.

1. IT Controls and Systems Oversight

• Provide thought leadership and oversee in coordination with the IT team the development implementation and management of IT SOX compliance standards ensuring robust IT controls.
• Co-ordinate with the IT management and team as well as first second and third lines of defense to ensure effective design of ITGCs.

1. Governance & Continuous improvement

• Serve as primary liaison between management internal auditors external auditors and other vendors engaged in the execution of the SOX compliance program.
• Provide strategic guidance on SOX considerations on automations optimization and emerging technologies.
• Report regularly to senior leadership and governance committees on SOX status risks and mitigation strategies.
• Conduct ongoing enterprise-wide SOX training for business and process owners.
• Monitor regulatory developments and industry trends to ensure the SOX program remains current and effective.
• Identify opportunities to streamline controls eliminate redundancies and strengthen risk mitigation.
• Lead or participate in special projects as required and assigned.

Organizational Relationship

This position reports to the Corporate Controller.

Position Qualifications

Education & Experience

• Bachelors degree in Information systems Accounting Finance or related field; advanced degree or certifications (e.g. CISA CPA CIA) preferred.
• 10 years of experience in SOX compliance IT audit or internal controls with at least 5 years in a leadership role.

Knowledge & Skills

• Deep understanding of Business process controls ITGCs application controls bank IT platforms and associated systems.
• Strong understanding of financial reporting business process and IT internal controls and SOX Regulatory requirements.
• Experience with GRC platforms and audit management tools.
• Strong leadership communication and stakeholder engagement skills.
• Ability to manage complex projects and drive cross-functional collaboration.
• Familiarity with cloud infrastructure cybersecurity frameworks and data governance.
• Strategic thinker with a proactive approach to risk management and control design.

Salary offered will be based on several factors including but not limited to education work experience certifications etc. This position is also eligible to participate in either an applicable incentive compensation plan for the position or a discretionary profit sharing bonus program. General information on our comprehensive benefits package can be found by visiting

We are proud to be an Equal Employment Opportunity employer. We maintain a drug-free workplace.

Required Experience:

Director