Job Description

We are seeking a Director, IT compliance leader to build and lead the company’s IT compliance, governance, and control functions. This role owns the IT SOX compliance program while also strengthening broader IT governance frameworks, policies, and control standards that support consistent operations, effective risk management, and operational efficiency where appropriate.

This position is a senior individual contributor role with hands-on execution expected from day one. You will work through influence and partnership rather than formal authority, collaborating closely with IT leadership, Internal Audit, and business stakeholders, and coordinating with Legal and Security as needed. As with many roles at IES Holdings, this position wears multiple hats and requires comfort operating across functions in a growing, decentralized environment.

You are responsible for governance and controls rather than audit execution, and you will help build structure where it does not yet exist. Governance efforts are aligned with recognized frameworks such as NIST CSF, while remaining practical, scalable, and appropriate for the organization’s current stage of maturity.

The ideal candidate will be engaged in both strategic and operational aspects of compliance, with the ability to translate risk and control expectations into workable solutions.

Key Responsibilities

IT SOX Compliance Ownership: Lead and manage the IT SOX compliance program, including system scoping, coordination of control testing, remediation tracking, and executive-level reporting.

Audit Partnership and Coordination: Serve as the primary liaison between IT, Internal Audit, and external auditors. Ensure audit readiness, timely responses to inquiries, and effective issue resolution.

Governance and Policy Development: Develop, implement, and maintain enterprise IT governance frameworks, policies, procedures, and control standards aligned with business needs and risk tolerance.

Control Design and Implementation: Partner with IT leaders and teams to design and operationalize practical, sustainable controls across technology domains.

Regulatory and Contractual Compliance Support: Support PCI-DSS and other regulatory or contractual compliance requirements as applicable.

Project and Implementation Advisory: Participate in IT initiatives and system implementations to define control requirements and risk expectations early in project lifecycles.

Risk and Gap Assessments: Conduct IT risk assessments and control gap analyses; prioritize issues and drive remediation planning in collaboration with IT partners.

Metrics and Reporting: Define, track, and report compliance and control effectiveness metrics to support leadership decision-making.

Risk Awareness and Communication: Promote risk awareness, accountability, and compliance best practices across IT through clear communication and guidance.

Continuous Improvement: Monitor evolving regulatory requirements and industry standards; recommend enhancements to frameworks, policies, and practices to strengthen the overall compliance posture.

Qualifications

• Bachelor's degree in information systems, Computer Science, or related fields. Master's Degree is a plus.
• Minimum of 10 years of experience in IT Audit, IT Risk, IT GRC, or IT Compliance.
• Demonstrated experience leading IT SOX compliance programs and working with IT control frameworks.
• Proven ability to design and implement controls in partnership with IT teams.
• Strong communication skills with the ability to build relationships and influence outcomes across stakeholders.
• Experience operating effectively in fast-paced, growing, or decentralized organizations.
• CISA, CISSP, CRISC, or equivalent certification is strongly preferred.
• ITIL, COBIT, or process improvement certifications are a plus.
• Big 4 or consulting experience preferred when combined with internal compliance or audit experience.

Job Tags

Similar Jobs