Senior Director Internal Audit and SOX

ForeFlight

$200K — $245K *
Finance & Insurance
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Accounting, Finance, or related field.
  • 12+ years of progressive experience in internal or external audit and controls.
  • 4+ years in a leadership role for internal audit or Sarbanes-Oxley functions.
  • Expertise in Sarbanes-Oxley Section 404 including scoping and external auditor coordination.
  • Strong understanding of IT general controls and auditing without relying solely on specialists.
  • Proven ability to communicate effectively with Audit Committees and Boards.
  • CPA or CIA certification required.

Responsibilities

  • Own the Sarbanes-Oxley Section 404(b) readiness program across legal entities and processes.
  • Build and maintain a comprehensive internal control framework for financial reporting.
  • Lead the execution of a risk-based internal audit plan covering all business risk areas.
  • Conduct enterprise risk assessments and manage audit engagements from planning to reporting.
  • Evaluate control deficiencies and coordinate remediation plans with management.
  • Serve as the primary liaison for external auditors regarding internal controls.
  • Build a high-performing internal audit team and manage co-sourcing relationships.

Benefits

  • Hybrid work environment in Englewood, CO.
  • Opportunity to build an internal audit function from the ground up.
  • Significant engagement with executive leadership and Audit Committee.
  • Exposure to high-profile audit processes related to potential IPO.
  • Career development opportunities and team leadership.
Full Job Description
Senior Director Internal Audit and SOX

About the Role

We are scaling fast and building the financial infrastructure to match. Backed by Thoma Bravo, we are a high-growth SaaS company operating with the urgency of a startup and the financial rigor expected by a sophisticated institutional investor. Our private equity sponsors are active, numbers-driven, and expect a control environment that will hold up under the most demanding scrutiny. So do we. As our Senior Director of Internal Audit and SOX, you will build and lead the internal audit function from the ground up at a pivotal moment in our trajectory. We are on the path to an initial public offering or strategic exit, and the control environment you design, test, and operate will be the one that goes in front of the Securities and Exchange Commission, the Public Company Accounting Oversight Board, and our Big 4 external auditors. This is not an audit coordination role. You will own the risk assessment, write the audit plan, build the team, run the audits, remediate the findings, and report directly to the Audit Committee.

You will partner with the Chief Accounting Officer, the Chief Financial Officer, and every function that touches financial reporting, information technology, and operations. If you have built an internal audit function inside a private equity-backed or pre-initial public offering company and understand what it takes to achieve Sarbanes-Oxley Section 404(b) compliance in an environment where the processes are still being built, we want to talk. Role located in Englewood, CO (Hybrid)

Key Responsibilities:

What You'll Own

Sarbanes-Oxley Program Ownership

  • Own the end-to-end Sarbanes-Oxley Section 404(b) readiness program, from scoping and risk assessment through control documentation, testing, deficiency evaluation, and remediation tracking.
  • Define the scope of the Sarbanes-Oxley program across all in-scope legal entities, processes, and information technology systems, and defend that scope to external auditors and the Audit Committee.
  • Build and maintain a complete internal control over financial reporting framework with documented control objectives, control descriptions, risk ratings, and testing evidence for every key control.
  • Design and operate walkthroughs, design effectiveness testing, and operating effectiveness testing across financial close and reporting, procure-to-pay, order-to-cash, treasury, payroll, and information technology general controls.
  • Evaluate control deficiencies against materiality thresholds, classify deficiencies as control deficiencies, significant deficiencies, or material weaknesses, and manage remediation plans to closure before the external audit window.
  • Serve as the primary internal liaison to the external audit team on internal control over financial reporting matters. Own the prepared by client list, manage fieldwork timelines, and ensure zero repeat findings.
  • Build the integrated audit model in which internal audit testing and external auditor reliance are coordinated to reduce total audit burden on the business.

Internal Audit Program

  • Build and execute a risk-based annual internal audit plan approved by the Audit Committee, covering financial, operational, compliance, and information technology risks.
  • Conduct the enterprise risk assessment annually and update it dynamically as the business adds legal entities, products, geographies, or completes acquisitions.
  • Lead or supervise all internal audit engagements from planning through fieldwork, findings, management response, and final report issuance.
  • Audit high-risk areas including revenue recognition, commissions, procurement and vendor management, equity administration, treasury operations, and payroll.
  • Issue clear, actionable audit reports with findings rated by severity, root cause identified, and management response and remediation timeline documented.
  • Track open audit findings and remediation commitments to closure. Escalate overdue or unresolved items to the Chief Accounting Officer and Audit Committee.
  • Maintain the internal audit charter and ensure the function operates in accordance with the Institute of Internal Auditors International Professional Practices Framework.

Information Technology General Controls and Information Technology Audit

  • Own the information technology general controls program across all in-scope systems, including Oracle enterprise resource planning, Coupa, Navan, Salesforce, and any other financially significant applications.
  • Test and document information technology general controls covering logical access, user provisioning and deprovisioning, segregation of duties enforcement, change management, and batch job monitoring.
  • Partner with the Systems and Information Technology teams on access reviews, privilege management, and change control discipline. Escalate segregation of duties violations and unresolved access exceptions.
  • Audit information technology and cybersecurity controls as part of the annual audit plan, covering disaster recovery, backup integrity, vendor access, and data integrity.
  • Support the Systems team in designing compensating controls where segregation of duties cannot be achieved through system configuration alone.

Fraud Risk and Ethics:

  • Own the fraud risk assessment and ensure fraud risk considerations are incorporated into the Sarbanes-Oxley scoping, audit plan, and control design.
  • Design and operate anti-fraud controls covering vendor payments, expense reimbursement, payroll, and financial close journal entries.
  • Conduct or oversee sensitive investigations involving potential fraud, ethics violations, or policy breaches, in coordination with Legal and Human Resources.
  • Maintain and promote the company's ethics reporting mechanism and ensure employees understand how to raise concerns.

Audit Committee and Executive Reporting

  • Prepare and present quarterly reports to the Audit Committee covering the Sarbanes-Oxley program status, internal audit results, open findings, risk assessment updates, and emerging risks.
  • Maintain a direct, independent reporting line to the Audit Committee Chair on matters of significance that require escalation outside of management.
  • Partner with the Chief Accounting Officer and Chief Financial Officer on audit committee meeting preparation, including agenda, materials, and pre-meeting briefings.
  • Communicate audit results and control gaps to business owners and senior leadership in a manner that drives accountability without creating unnecessary alarm.

Acquisition Integration and Special Projects

  • Lead internal audit and Sarbanes-Oxley integration activities for add-on acquisitions, including pre-close control gap assessment, opening balance sheet review support, and rapid integration into the consolidated control framework.
  • Support quality of earnings and financial due diligence processes in partnership with the Chief Accounting Officer and Chief Financial Officer on potential acquisitions.
  • Partner with Legal, Finance, and Operations on compliance initiatives, policy development, and process improvement projects where an independent audit perspective adds value.

Team Leadership:

  • Build and lead an internal audit team of 3 to 6 professionals across audit, Sarbanes-Oxley testing, and information technology audit, with the expectation that the team grows as the company scales.
  • Define team structure, roles, and responsibilities. Determine the appropriate mix of internal headcount and co-source support from a third-party audit firm.
  • Manage the co-source relationship with the external internal audit firm, including scope, quality, and budget.
  • Set clear performance expectations, provide direct and timely feedback, and develop your team into skilled audit professionals.
  • Create career development plans and ensure your team has the access, training, and tools to do their work without unnecessary friction.

Basic Qualifications:

  • Bachelor's degree in Accounting, Finance, or a related field.
  • 12 or more years of progressive internal audit, external audit, or risk and controls experience, including at least 4 years leading an internal audit or Sarbanes-Oxley function.
  • Deep, hands-on Sarbanes-Oxley Section 404 expertise, including scoping, control documentation, testing, deficiency classification, and external auditor coordination.
  • Experience building or operating an internal audit function inside a pre-initial public offering, private equity-backed, or recently public company.
  • Strong understanding of information technology general controls and the ability to audit and assess them without relying entirely on a technical specialist.
  • Demonstrated ability to present to and communicate with an Audit Committee or Board-level audience.
  • Track record of managing relationships with Big 4 external audit teams as the primary client-side owner of internal control over financial reporting matters.

  • Certified Public Accountant, Certified Internal Auditor, or both.


Preferred Qualifications:

  • Big 4 public accounting background at the Manager level or above, with significant internal control over financial reporting or advisory experience.
  • Experience taking a company through a full Sarbanes-Oxley Section 404(b) first-year implementation and integrated audit.
  • Familiarity with SaaS-specific risk areas: revenue recognition under Accounting Standards Codification 606, commissions capitalization, deferred revenue, and usage-based billing.
  • Experience operating in a private equity-backed environment and familiarity with sponsor reporting cadences, covenant compliance, and Board package expectations.
  • Exposure to acquisition integration audits, opening balance sheet reviews, and purchase price allocation validation.
  • Familiarity with Oracle enterprise resource planning audit and information technology general controls testing in an Oracle environment.
  • Certified Information Systems Auditor designation or equivalent information technology audit experience.
  • Experience with Securities and Exchange Commission reporting readiness, including Management Discussion and Analysis support, disclosure controls assessment, and sub-certification processes.

You'll Thrive Here If You...

  • Are comfortable telling a Vice President or a business unit leader that their control does not work and then helping them fix it.
  • Build audit programs that are thorough enough to stand up to external auditor scrutiny but practical enough that the business can actually execute them.
  • Find unresolved audit findings genuinely offensive and manage remediation with the same rigor you apply to fieldwork.

  • Know what audit-ready actually means at 11:00 PM the night before an external auditor walkthrough.

  • Can operate independently while keeping leadership and the Audit Committee appropriately informed without over-escalating.
  • Want to build a best-in-class internal audit function, not inherit one that is already finished.
  • Thrive in an environment where the processes are still being designed and your judgment matters more than the policy manual.
