Director, IT SOX Compliance

Amentum is a global leader in advanced engineering and innovative technology solutions, trusted by the United States and its allies to address their most significant and complex challenges in science, security and sustainability. Headquartered in Virginia, we have more than 53,000 employees in approximately 80 countries across all 7 continents.

The Director of IT SOX Compliance is responsible for ensuring Amentum IT’s SOX processes and internal control environment are effective and compliant with all applicable laws and regulations. This role will contribute to the formulation and implementation of IT controls where new or enhanced processes are required.
This position is a key role within the company that reports to the Chief Information Security Officer and works closely and collaboratively with different functions across the organization.  This is a remote-telework role. US citizenship is required.

Primary Responsibilities:

• Executes all phases of the Company's ongoing IT SOX compliance efforts from planning through reporting, in compliance with NIST standards.
• Assists in company-wide and technology/ application-specific risk assessments to evaluate and address any impact the results may have on the control environment.
• Updates and continually validates documentation of the control environment (e.g., process flows, control matrices, system diagrams, role security matrices, etc.), ensuring it is kept current.
• Collaborates with the Company’s Director of Internal Controls & SOX Compliance to evaluate IT system SOX scoping and address the impact of key applications relevant to the Company’s SOX environment.
• Leads the design and implementation of efficient and effective IT controls across the organization.
• Provides thought leadership on new business initiatives, system implementations, IT policy changes, personnel changes and assess the impact of the changes on internal controls.
• Conducts periodic meetings/reviews with process/application owners to ensure any changes to processes are updated and accurately assessed for control gaps.
• Facilitates the remediation of any exceptions with IT process/application owners in a timely manner.
• Provides guidance for identifying processes and technology solutions to improve compliance and reduce workload, e.g. via automation.
• Stays current to changes in regulatory guidance, industry best practices, and areas of focus/hot topics for external audits.
• Monitors emerging risks in IT compliance, including cybersecurity threats that could impact SOX controls.
• Actively builds and manages relationships with Company stakeholders, while promoting the importance of compliance initiatives throughout the organization.
• Supports process owners through training, reviewing, and providing guidance for their processes including, but not limited to, IT General Controls, IT Operations and SOC Reporting.
• Collaborates with internal/ external auditors to facilitates requests and ensure evidence is captured.
• Participates in other compliance initiatives the Company may engage.
• Serves as a key resource for special projects, with a focus on financial systems, back-office IT infrastructure engineering, with the ability to lead as well as make meaningful contributions.

Knowledge, Skills and Abilities:

• Strong leadership skills with a self-motivated ability to exercise thoughtful and sound judgement and help drive and achieve positive results.
• A team player and process-oriented focus with excellent interpersonal, analytical, and problem-solving skills.
• Strong written and verbal communication skills, including the ability to interact effectively with all areas and levels of the company.
• Must be highly organized, accurate and detail-oriented, with the ability to manage numerous projects /tasks simultaneously and adhere to strict deadlines in a fast-paced environment.
• Must possess high ethical standards (integrity, transparency, and trust).
• Exhibit critical thinking skills and ability to complete tasks with appropriate level of skepticism.
• Demonstrated professional commitment, initiative, accountability and ownership of assignments.
• Ability to proactively manage change and independently prioritize tasks, organize complex workload to accomplish objectives in a timely manner.
• Experience working in a rapidly evolving work environment.

Minimum Qualifications:

• Bachelor's degree in a business-related or IT-related field of concentration or equivalent combination of training and experience; advanced degree is a plus.
• Typically, 15 years of related work experience with knowledge of SOX concepts, practices and procedures, and IT subject-matter proficiency (i.e., IT logical access, change management, and operations); audit experience within public accounting and/or internal audit is required (Big 4 is a plus).
• Relevant professional certification is required, such as Certified Information Systems Auditor (CISA), Certified information systems security professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Security Controls (CRISC).
• Experience with controls design, controls, audit, or risk (i.e., IT controls testing, internal audits, operational audits, advisory/consulting/compliance).
• Proficiency with audit software like AuditBoard.
• Familiarity of various identity governance and access controls systems preferred (i.e., Archer, Saviynt, SailPoint IdentityIQ, Okta, Microsoft Azure Active Directory).
• US Citizenship is required to apply.

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, gender identity, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal EEO laws and supplemental language at EEO including Disability/Protected Veterans and Labor Laws Posters.