The DIO SOX Compliance Expert serves as part of the Governance, Risk and Compliance (GRC)  within the DIO organization, responsible for ensuring that IT systems, processes, and controls comply with the Sarbanes-Oxley Act (SOX) and other regulatory requirements. This role acts as a key liaison between internal audit, external auditors, and DIO teams, coordinating and supporting IT audits across multiple domains, including SOX, cybersecurity, IT governance, data governance, and AI governance. Responsibilities include assessing, implementing, and monitoring IT controls related to financial reporting, collaborating with cross-functional teams to ensure compliance, and supporting enterprise audit processes.  The position also involves developing and maintaining an annual risk-based audit plan for DIO, executing planned activities and special projects requested by management or the audit committee, and clearly communicating results with actionable recommendations. In addition, the role is accountable for tracking findings, following up on management action plans, and providing timely updates and escalations to management and the audit committee to ensure risks are appropriately managed and remediated. 
 

Responsibilities 

SOX Oversight & Readiness 

• Provide guidance and advisory support to first line teams on the design of SOX IT General Controls (ITGCs) and key application controls, ensuring they are risk-based and aligned with leading practices

• Monitor control execution and evidence preparation to ensure completeness, accuracy, and audit readiness before internal or external audit testing begins

• Track the progress of management action plans for identified deficiencies and escalate delays or high-risk issues to leadership

• Support leadership with regular reporting on SOX status, open issues, and remediation progress

Coordination (SOX and Broader IT Audits) 

• Act as the primary point of contact for IA and external auditors during SOX and other IT audits

• Coordinate walkthroughs, testing requests, and evidence collection across DIO teams to ensure timely and accurate responses

Education & Partnership with First Line 

• Coach and educate the first line of defense on internal control concepts, SOX requirements, and best practices to improve control execution and documentation quality.

• Build awareness and accountability across DIO teams by communicating the “why” behind controls and compliance requirements

• Partner with technology and operations leaders to embed controls into processes and system design, reducing audit issues over time

Risk Monitoring & Continuous Improvement 

• Monitor for trends and emerging risks in areas such as Cybersecurity, Infrastructure, and Data & AI governance, providing insights to leadership

• Use industry-leading frameworks such as COBIT, NIST CSF, ISO 27001, and CIS Benchmarks to benchmark and enhance DIO’s control environment

• Identify opportunities to streamline and automate compliance processes, improving efficiency while maintaining strong risk coverage

• Stay current on evolving SOX regulations and industry best practices.

Qualifications

• Minimum of 3+ years of experience in a business, IT, or related role

• Preferred: Prior experience with a Big Four audit or consulting firm, specializing in IT audit, SOX compliance, or technology risk management

• Hands-on experience with IT infrastructure, cybersecurity, or technology risk management is highly desirable

• Education: Bachelor’s degree in Accounting, Finance, Business, or Information Technology preferred

• Certifications: CPA, CA, CIA, CFA, CISA, or CISSP certification preferred

• Technical Skills: Strong understanding of IT controls, risk management, and financial reporting processes. Familiarity with IT governance frameworks (e.g., COBIT, ITIL) is beneficial

• Analytical Skills: Excellent analytical and problem-solving skills, with the ability to assess complex situations and provide actionable recommendations

• Communication Skills: Strong verbal and written communication skills, with the ability to effectively communicate technical information to non-technical stakeholders.