
IT Control Assurance Director

National Black MBA Association, Dallas, TX, United States


About the Role

As a Director of IT SOX & Controls Assurance at CBRE, you will lead and execute IT SOX compliance and readiness projects, ensuring the design and operating effectiveness of IT general controls (ITGCs), IT application controls (ITACs), and key reports. You will deliver high‑quality IT controls assessments for new system implementations, manage relationships with controllership, project teams, internal audit, external assurance providers, and consultants, and provide strategic guidance to senior stakeholders on IT and emerging technology risks, controls, and compliance matters. The role reports directly to the Global Head of ESG Reporting and Financial Assurance and works closely with functional areas and business segments to maintain CBRE processes and systems in alignment with SOX requirements.

Responsibilities

  • Lead and execute day‑to‑day operation of the IT projects compliance assessment, including process and system walkthroughs, SDLC approach adoption and development, controls testing related to key pre‑implementation assessment areas, issues and improvement opportunities identification, and assistance of stakeholders in remediation of gaps.
  • Develop, execute and maintain IT SOX readiness scoping exercise and IT risk assessment/identification, and advise leadership and senior stakeholders on IT control issues, emerging risks, and project enhancements.
  • Lead and collaborate with the internal audit team on IT scoping methodology governance, such as advising on the criteria by which systems and processes are in or out of SOX scope.
  • Own and maintain the IT controls policy framework, control standards, and control taxonomy for financial reporting, periodically benchmarking against regulatory changes (SEC, PCAOB) and evolving industry frameworks (COSO, COBIT) to ensure the control library remains current and fit for purpose.
  • Lead, execute and review relevant testing of ITGCs and ITACs, evaluate controls over key reports (IPE), and validate management’s remediation plans for identified deficiencies and track them to timely closure. Identify key reports, interfaces, and automated controls along with ITGC testing.
  • As part of SDLC pre‑implementation reviews, assess data migration plans and reconciliation controls from source to target systems, validate UAT and SIT testing cycles for completeness and functionality gaps, review security including access assignment and segregation of duties, and assess complementary user entity controls (CUEC) mapping.
  • Review and challenge control design, identify control gaps and weaknesses, and recommend remediation actions.
  • Collaborate with process and system owners to plan and execute the project assessments timely, efficiently, and effectively, including pre‑implementation reviews of key systems and new systems in scope as part of organization changes, mergers, and acquisitions.
  • Review and/or draft and communicate the project assessment reports including delivery of all gaps, findings, and observations identified during the testing and recommendation for remediation. Timely follow‑up with management on remediation/implementation status.
  • Serve as primary point of contact for the systems/process owners and liaison for external auditors and internal audit team for all in‑scope IT SOX matters, managing requests, and providing guidance and support.
  • Provide proactive advisory on emerging technology risks affecting financial reporting integrity, including cloud migrations, AI/ML in financial processes, and robotic process automation, assessing control implications prior to go‑live and liaising with the digital & technology function on cybersecurity risks that intersect with ICFR objectives.
  • Manage internal and external resources/consultants, ensuring high‑quality work papers, testing, and documentation.
  • Provide thought leadership and education and training on IT control and SOX requirements to control / process owners.
  • Lead by example and model behaviors that are consistent with CBRE RISE values. Influence parties of shared interests to reach an agreement.
  • Identify, troubleshoot, and resolve day‑to‑day and moderately complex issues which may or may not be evident in existing systems and processes.

Qualifications

  • Bachelor’s degree in Business, Accounting/Finance, Risk, Information Systems, Computer Science, or a relevant field; advanced degree preferred. In lieu of a degree, a combination of experience and education will be considered.
  • 10+ years of relevant experience with IT audit, IT risk management, and SOX compliance. Preferred experience in a large global company or similar experience with global accounting/consulting firms.
  • Thorough understanding and deep experience in SOX 404, COSO, COBIT, and IT control frameworks.
  • Strong knowledge of key business processes (e.g., revenue, procure‑to‑pay) and supporting ERP systems (e.g., Oracle, Workday, NetSuite) and/or legacy in‑house applications.
  • Extensive experience interfacing with external auditors and managing the IT SOX audit process.
  • Ability to lead the exchange of sensitive, complicated, and difficult information, and handle problems.
  • Extensive organizational skills and an advanced inquisitive and pragmatic mindset.
  • Proven experience in project management with diverse stakeholders is preferred.
  • Ability to manage priorities and critical deadlines with minimal direction.
  • Ability to interface with all levels of the organization to collect information and drive resolution.
  • Have an initiative‑taking approach and the ability to work with cross‑functional teams.
  • Strong writing and communication skills.
  • Professional certifications such as CISA, CISSP, CPA, risk management, project management certification (PMP), or equivalent are a plus.
  • Applicants must be currently authorized to work in the United States without the need for visa sponsorship.

Benefits

This role will provide the following benefits: 401(k), dental insurance, health insurance, life insurance, and vision insurance.

Equal Employment Opportunity: CBRE has a long‑standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law.
