IT Risk – Director
Remote
United States
Posted 1 month ago
An opportunity has emerged in our network for an IT Risk Director at CFGI, a firm specializing in IT Internal Audit, SOX compliance, attestation, and various assessments for Fortune 500, mid-cap, and start-up companies.
This is a senior leadership consulting role, offering fully remote work within the United States. Pay information was not provided in the posting.
Role Summary and Leadership Focus
The IT Risk Director is responsible for leading project teams, managing client relationships, driving business development, and taking on internal firm leadership responsibilities for the Risk Advisory team.
- Engagement Oversight: Lead engagements spanning IT Internal Audit, SOX implementation and testing, attestation/certification readiness (SOC 1, SOC 2), business process improvement, and compliance assessments.
- Project Management: Approve engagement scope, project plans, risk assessments, and testing approaches. Review and approve IT controls testing, process narratives, flow charts, and other assessment procedures.
- Client & Stakeholder Interaction: Interact with clients, their external auditors, and other professional service firms. Prepare reports and presentations (including for Audit Committee meetings), identify value-add areas, and develop/manage client relationships.
- Firm Leadership: Serve as part of the Firm’s leadership with internal responsibilities for staff development, training, and continuous improvement of the Risk Advisory team.
- Business Development: Actively engage in business development activities with both new and existing clients.
Required Experience and Qualifications
The ideal candidate possesses deep IT audit and risk management experience, combined with strong project management and communication skills.
- Experience: 7 to 12 years of experience in public accounting and/or industry performing IT audit, systems implementations, or Information Security.
- Certifications/Education (Required):
  - Certified CISA, CIA, or other standard auditing certification combined with solid IT audit experience (non-certified hires are required to become certified within 1 year).
  - Undergraduate degree in Computer Science, Information Systems Audit, Management Information Systems, or a similar relevant degree.
- Technical Knowledge: Strong technical skills and a working knowledge of:
  - SOX IT General Controls (ITGC)
  - COSO, SOC 1, and SOC 2
  - Awareness of ISO 27001, NIST standards, HIPAA, FAIR, and other relevant standards.
- Skills: Strong project management skills, excellent interpersonal, written, and oral communication skills, and effective analytical and critical thinking abilities.
Job Features
| Job Category | Information Technology |