Head of SOX and Internal Controls

Remote | $165k–$275k | full-time | posted 2 months ago

What you’ll be doing:

  • Own the SOX Business Controls Framework - Define and maintain the enterprise SOX business process control framework, including scoping, risk assessment, control design standards, and documentation requirements. Ensure alignment of the SOX program with evolving business activities, new products, system changes, and external regulatory expectations.
  • Lead End‑to‑End SOX Program for Business Processes - Oversee annual SOX risk assessment, scoping, and materiality determinations for business processes. Lead the design and implementation of key and non‑key business controls, including manual, automated, and IT‑dependent controls. Drive timely remediation of control deficiencies, including the design and implementation of sustainable corrective actions.
  • Partner Across Finance, Operations, and Technology - Collaborate with Controllership, FP&A, Tax, Treasury, Operations, Compliance, Legal, and Engineering to embed effective controls into end‑to‑end processes (order‑to‑cash, procure‑to‑pay, record‑to‑report, revenue, digital asset flows, etc.). Influence product and system design to "build in" controls and auditability from the outset, minimizing manual workarounds.
  • Coordinate with Internal and External Auditors - Serve as the primary business controls liaison with Internal Audit and external auditors for SOX business process testing, walkthroughs, and evidence requests. Align on testing strategies, reliance on management testing, and expectations for control operation and documentation.
  • Drive Continuous Improvement and Automation - Identify opportunities to streamline, standardize, and automate controls, reducing operational friction while maintaining control effectiveness. Champion data‑driven monitoring and analytics to enhance control precision and early‑issue detection.
  • Leadership, Governance, and Communication - Provide regular updates on SOX status, key risks, and remediation progress to senior leadership (e.g., CAO, CFO, Audit Committee support). Establish governance forums and routines for control owners and process owners, including training, playbooks, and guidance. Build, lead, and develop a high‑performing SOX business controls team (and/or influence a matrixed virtual team across the organization).

What we look for in you:

  • 13+ years of progressive experience in SOX, internal controls, internal audit, or risk management, with significant exposure to public company environments.
  • Strong technical understanding of SOX 404, PCAOB standards, COSO framework, and best practices for business process control design and testing.
  • Demonstrated experience leading large‑scale SOX or controls programs and managing complex cross‑functional initiatives.
  • Proven ability to work effectively with senior leaders (CFO, CAO, Controller, Head of Internal Audit, business and product leaders) and to influence without direct authority.
  • Deep experience with core finance and operational processes (e.g., revenue recognition, financial reporting, procurement, disbursements, payroll, digital asset movement and safeguarding, etc.).
  • Excellent communication skills, with the ability to translate complex control concepts into clear, actionable guidance for non‑experts.
  • Professional certification such as CPA, CA, CIA, CISA, or CRMA.
  • Experience in high‑growth, technology‑driven or financial services / crypto / fintech companies.
  • Familiarity with ERP systems and subledgers, workflow tools, and control automation technologies (e.g., RPA, data analytics, continuous control monitoring).
  • Experience managing or implementing SOX in multi‑jurisdictional or multi‑entity global environments.

What the company offers:

  • Competitive salary range of $165K-$275K.
  • Total compensation may also include equity and bonus eligibility and benefits (including medical, dental, and vision).
  • In-person participation is required throughout the year with team and company-wide offsites held multiple times annually.

Before you apply

  • Legitimate employers never ask you to pay anything to apply or get hired.
  • Never share seed phrases or private keys. No real job needs them.
  • Do not install software ("test tasks", "trading tools", "video call clients") sent during hiring.
  • Check that the application page's domain really belongs to Coinbase.