Senior Director Internal Audit and SOX
About the Role
We are scaling fast and building the financial infrastructure to match. Backed by Thoma Bravo, we are a high-growth SaaS company operating with the urgency of a startup and the financial rigor expected by a sophisticated institutional investor. Our private equity sponsors are active, numbers-driven, and expect a control environment that will hold up under the most demanding scrutiny. So do we.
As our Senior Director of Internal Audit and SOX, you will build and lead the internal audit function from the ground up at a pivotal moment in our trajectory. We are on the path to an initial public offering or strategic exit, and the control environment you design, test, and operate will be the one that goes in front of the Securities and Exchange Commission, the Public Company Accounting Oversight Board, and our Big 4 external auditors. This is not an audit coordination role. You will own the risk assessment, write the audit plan, build the team, run the audits, remediate the findings, and report directly to the Audit Committee.
You will partner with the Chief Accounting Officer, the Chief Financial Officer, and every function that touches financial reporting, information technology, and operations. If you have built an internal audit function inside a private equity-backed or pre-initial public offering company and understand what it takes to achieve Sarbanes-Oxley Section 404(b) compliance in an environment where the processes are still being built, we want to talk.
Role located in Englewood, CO (Hybrid)
Key Responsibilities:
What You'll Own
Sarbanes-Oxley Program Ownership
- Own the end-to-end Sarbanes-Oxley Section 404(b) readiness program, from scoping and
risk assessment through control documentation, testing, deficiency evaluation, and
remediation tracking.
- Define the scope of the Sarbanes-Oxley program across all in-scope legal entities,
processes, and information technology systems, and defend that scope to external auditors
and the Audit Committee.
- Build and maintain a complete internal control over financial reporting framework with
documented control objectives, control descriptions, risk ratings, and testing evidence for
every key control.
- Design and operate walkthroughs, design effectiveness testing, and operating effectiveness
testing across financial close and reporting, procure-to-pay, order-to-cash, treasury, payroll,
and information technology general controls.
- Evaluate control deficiencies against materiality thresholds, classify deficiencies as control
deficiencies, significant deficiencies, or material weaknesses, and manage remediation plans
to closure before the external audit window.
- Serve as the primary internal liaison to the external audit team on internal control over
financial reporting matters. Own the prepared by client list, manage fieldwork timelines, and
ensure zero repeat findings.
- Build the integrated audit model in which internal audit testing and external auditor reliance
are coordinated to reduce total audit burden on the business.
Internal Audit Program
- Build and execute a risk-based annual internal audit plan approved by the Audit Committee,
covering financial, operational, compliance, and information technology risks.
- Conduct the enterprise risk assessment annually and update it dynamically as the business
adds legal entities, products, geographies, or completes acquisitions.
- Lead or supervise all internal audit engagements from planning through fieldwork, findings,
management response, and final report issuance.
- Audit high-risk areas including revenue recognition, commissions, procurement and vendor
management, equity administration, treasury operations, and payroll.
- Issue clear, actionable audit reports with findings rated by severity, root cause identified, and
management response and remediation timeline documented.
- Track open audit findings and remediation commitments to closure. Escalate overdue or
unresolved items to the Chief Accounting Officer and Audit Committee.
- Maintain the internal audit charter and ensure the function operates in accordance with the
Institute of Internal Auditors International Professional Practices Framework.
Information Technology General Controls and Information Technology Audit
- Own the information technology general controls program across all in-scope systems,
including Oracle enterprise resource planning, Coupa, Navan, Salesforce, and any other
financially significant applications.
- Test and document information technology general controls covering logical access, user
provisioning and deprovisioning, segregation of duties enforcement, change management,
and batch job monitoring.
- Partner with the Systems and Information Technology teams on access reviews, privilege
management, and change control discipline. Escalate segregation of duties violations and
unresolved access exceptions.
- Audit information technology and cybersecurity controls as part of the annual audit plan,
covering disaster recovery, backup integrity, vendor access, and data integrity.
- Support the Systems team in designing compensating controls where segregation of duties
cannot be achieved through system configuration alone.
Fraud Risk and Ethics
- Own the fraud risk assessment and ensure fraud risk considerations are incorporated into the
Sarbanes-Oxley scoping, audit plan, and control design.
- Design and operate anti-fraud controls covering vendor payments, expense reimbursement,
payroll, and financial close journal entries.
- Conduct or oversee sensitive investigations involving potential fraud, ethics violations, or
policy breaches, in coordination with Legal and Human Resources.
- Maintain and promote the company's ethics reporting mechanism and ensure employees
understand how to raise concerns.
Audit Committee and Executive Reporting
- Prepare and present quarterly reports to the Audit Committee covering the Sarbanes-Oxley
program status, internal audit results, open findings, risk assessment updates, and emerging
risks.
- Maintain a direct, independent reporting line to the Audit Committee Chair on matters of
significance that require escalation outside of management.
- Partner with the Chief Accounting Officer and Chief Financial Officer on audit committee
meeting preparation, including agenda, materials, and pre-meeting briefings.
- Communicate audit results and control gaps to business owners and senior leadership in a
manner that drives accountability without creating unnecessary alarm.
Acquisition Integration and Special Projects
- Lead internal audit and Sarbanes-Oxley integration activities for add-on acquisitions,
including pre-close control gap assessment, opening balance sheet review support, and rapid
integration into the consolidated control framework.
- Support quality of earnings and financial due diligence processes in partnership with the
Chief Accounting Officer and Chief Financial Officer on potential acquisitions.
- Partner with Legal, Finance, and Operations on compliance initiatives, policy development,
and process improvement projects where an independent audit perspective adds value.
Team Leadership
- Build and lead an internal audit team of 3 to 6 professionals across audit, Sarbanes-Oxley
testing, and information technology audit, with the expectation that the team grows as the
company scales.
- Define team structure, roles, and responsibilities. Determine the appropriate mix of internal
headcount and co-source support from a third-party audit firm.
- Manage the co-source relationship with the external internal audit firm, including scope,
quality, and budget.
- Set clear performance expectations, provide direct and timely feedback, and develop your
team into skilled audit professionals.
- Create career development plans and ensure your team has the access, training, and tools to
do their work without unnecessary friction.
Basic Qualifications:
- Bachelor's degree in Accounting, Finance, or a related field.
- 12 or more years of progressive internal audit, external audit, or risk and controls experience,
including at least 4 years leading an internal audit or Sarbanes-Oxley function.
- Deep, hands-on Sarbanes-Oxley Section 404 expertise, including scoping, control
documentation, testing, deficiency classification, and external auditor coordination.
- Experience building or operating an internal audit function inside a pre-initial public offering,
private equity-backed, or recently public company.
- Strong understanding of information technology general controls and the ability to audit and
assess them without relying entirely on a technical specialist.
- Demonstrated ability to present to and communicate with an Audit Committee or Board-level
audience.
- Track record of managing relationships with Big 4 external audit teams as the primary
client-side owner of internal control over financial reporting matters.
- Certified Public Accountant, Certified Internal Auditor, or both.
Preferred Qualifications:
- Big 4 public accounting background at the Manager level or above, with significant internal
control over financial reporting or advisory experience.
- Experience taking a company through a full Sarbanes-Oxley Section 404(b) first-year
implementation and integrated audit.
- Familiarity with SaaS-specific risk areas: revenue recognition under Accounting Standards
Codification 606, commissions capitalization, deferred revenue, and usage-based billing.
- Experience operating in a private equity-backed environment and familiarity with sponsor
reporting cadences, covenant compliance, and Board package expectations.
- Exposure to acquisition integration audits, opening balance sheet reviews, and purchase
price allocation validation.
- Familiarity with Oracle enterprise resource planning audit and information technology general
controls testing in an Oracle environment.
- Certified Information Systems Auditor designation or equivalent information technology audit
experience.
- Experience with Securities and Exchange Commission reporting readiness, including
Management Discussion and Analysis support, disclosure controls assessment, and
sub-certification processes.
You'll Thrive Here If You...
- Are comfortable telling a Vice President or a business unit leader that their control does not
work and then helping them fix it.
- Build audit programs that are thorough enough to stand up to external auditor scrutiny but
practical enough that the business can actually execute them.
- Find unresolved audit findings genuinely offensive and manage remediation with the same
rigor you apply to fieldwork.
- Know what audit-ready actually means at 11:00 PM the night before an external auditor
walkthrough.
- Can operate independently while keeping leadership and the Audit Committee appropriately
informed without over-escalating.
- Want to build a best-in-class internal audit function, not inherit one that is already finished.
- Thrive in an environment where the processes are still being designed and your judgment
matters more than the policy manual.