DIRECTOR, IT CONTROLS (HYBRID)

Job Summary

Reporting to the SVP, Risks and Controls, the Director, IT Controls will focus on shaping and strengthening Compass Group IT control environment. Additionally, this individual will be key in aligning North American controls with UK Corporate Reform compliance, as our parent company is located in the UK. This is a second line leadership role (Collaborative Leadership is key) that includes assisting with Technology policy development along with ongoing testing, oversight, monitoring and reporting on internal IT controls, addressing external audits and SOC engagements, as well as acting as the key resource working hand in hand with Internal Audit and the IT control/process owners. This position will be responsible for improving the efficiency and effectiveness of IT Internal controls through process improvement initiatives and automation.

As part of the new second line structure, this position requires someone who is extremely hands-on and has a very strong working knowledge of ITGC & ITAC SOX controls and can provide guidance and direction to the IT Organization with regard to the current control design and operating effectiveness. This individual will ensure effective and sustainable control practices that support Compass’ decentralized structure, align with COSO principles, and enable risk-aware technology operations. This person must also demonstrate strong communication, collaboration, and problem-solving skills to effectively influence and drive change across sectors, regions, business units and functions.

· Lead the planning, testing and execution, and oversight of UKCR and prepare for SOX ITGC and ITAC testing cycles (interim and year-end), ensuring high-quality, timely delivery.

· Develop and maintain a risk-based SOX testing strategy covering key systems, applications, and infrastructure.

· Evaluate design and operating effectiveness of IT controls, including:

o Access management (provisioning, deprovisioning, privileged access)

o Change management (application and infrastructure)

o IT operations (job monitoring, backups, incident management)

o Key automated controls and system configurations

· Coordinate with SVP, Risk & Controls & external auditors to ensure alignment on scope, testing approach, and issue resolution.

Deficiency Management & Remediation

· Assess control deficiencies, determine root cause, and evaluate severity.

· Provide actionable guidance to IT and business stakeholders on remediation strategies.

· Track and validate remediation efforts, ensuring timely closure and comprehensive remediation. Be a business partner and guide before grading.

· Prepare clear, concise reporting for Senior Leadership and Audit Committees.

Control Design & Advisory

· Partner with IT teams to design and implement robust, scalable IT controls aligned with SOX and broader risk management objectives.

· Serve as a trusted advisor to the IT organization on control best practices, automation opportunities, and risk mitigation strategies.

Governance & Stakeholder Engagement

· Collaborate closely with the IT Organization including the VP, IT Governance to align on SOX efforts with enterprise risk and governance programs.

· Act as a primary liaison between IT, Internal Audit, External Audit, and Finance on IT SOX-related matters.

· Provide regular updates to SVP, Risk & Controls and Executive leadership on SOX compliance status, risks, and emerging issues.

Program Leadership & Transformation

· Overtime this position will lead and develop a high-performing team responsible for IT SOX compliance and audits.

· Identify opportunities to streamline and automate control testing and monitoring.

· Stay current on evolving regulatory requirements, emerging risks (e.g., cybersecurity, cloud), and leading practices.

Required

· Bachelor’s degree in Information Systems, Accounting, Finance, or related field.

· 10-12+ years of experience in IT audit, SOX compliance, or IT risk management (preferably with a BIG 4).

· Deep expertise in TESTING the ITGCs and ITACs within a SOX-regulated environment.

· Strong understanding of control frameworks (e.g., COSO, COBIT).

· Proven experience managing SOX testing programs and working with external auditors.

· Demonstrated ability to assess and remediate control deficiencies.

· Strong leadership, communication, and stakeholder management skills.

Preferred

· Professional certifications such as CISA, CIA or CRISC

· Familiarity with ERP systems (e.g., SAP) and cloud environments.

· Experience with GRC tools and automation of control testing.

Key Competencies

· Strategic thinking and problem-solving

· Executive communication and influencing

· Collaborative leadership & a Continuous improvement mindset

Reporting Structure

· Reports to: SVP, Risk & Controls

· Key partners: CIO & CTO organization, VP, IT Governance, Internal Audit, External Auditors, Finance, Risk & Controls

Success Measures

· Timely and effective completion of SOX testing cycles

· Reduction in control deficiencies and repeat findings

· Improved control maturity and automation

· Strong audit outcomes and stakeholder confidence

Location & Work Environment

This is a hybrid role based out of the Compass USA Charlotte corporate office, with flexibility for remote work 1day per week. Willingness to travel approximately 10%