IT SOX & GRC AI Operations & Security Lead

Essential functions

SOX IT Program Leadership

• Lead and manage the organization's end-to-end IT SOX compliance program

• Own SOX IT planning, scoping, testing, remediation, and reporting activities

• Build scalable, automated, and sustainable controls

• Develop and maintain the SOX IT compliance roadmap aligned with organizational growth

• Pioneer the use of AI and automation technologies to enhance control effectiveness, continuous monitoring, and risk detection

• Drive IT controls rationalization initiatives to optimize the control environment and increase reliance on IT automated controls (ITACs)

AI governance and regulatory compliance EU, US, UK

• Assess internally developed and third party AI systems deployed within the organisation against applicable regulatory frameworks, including EU AI Act Annex III high-risk classifications, UK AI governance guidance, and emerging US federal AI requirements

• Assist in conforming to, and obtaining formal AI compliance to these regulatory frameworks and relevant industry standards such as ISO 42001 and CSA Star AI

• Support compliant AI SDLC for internally developed AI systems

• Maintain audit-ready documentation for AI systems in scope, including risk classifications, technical documentation, and evidence of human oversight and transparency obligations

• Support the organisation's Declaration of Conformity process for high-risk AI systems and contribute to the AI governance programme 

• Address AI compliance requirements and requests from Grid Dynamics customers

• Assist in designing AI governance and compliance training programs

ITGC and Application Controls

• Design, implement, and monitor IT General Controls (ITGCs) across critical systems

• Evaluate and test application controls and IT automated controls (ITACs) to ensure proper functionality and compliance

• Conduct system and process risk assessments to identify control gaps and remediation needs

• Oversee control documentation and ensure audit-ready evidence is maintained (IDS capitalisation review (ASC 350-40)

• Assess and monitor Systems Development Life Cycle (SDLC) controls for new system implementations and changes

Cross-Functional Partnership

• Partner with Engineering, Security, IT, HR, BTS, Legal and Finance teams to implement scalable controls

• Work directly with technical partners to design controls that align with business operations

• Collaborate with process owners to identify control improvements and automation opportunities

• Support SEC cybersecurity disclosure requirements and ongoing monitoring of cyber risks

External Audit Management

• Serve as the primary point of contact for external auditors on IT SOX matters

• Manage audit requests, coordinate testing schedules, and facilitate audit walkthroughs

• Track and report on IT SOX compliance status to leadership, the Board, and Audit Committee

• Assist with successful conduct of other relevant auditing activities, including but not limited to ISO 27001, ISO 42001 and similar standards, as well as second party audits from our customers

Qualifications

• Have 5+ years of hands-on IT audit (e.g. ITIL) and SOX compliance experience, preferably in either Big 4 and/or in-house internal audit/SOX leadership roles at a fast-paced technology company

• Have proven ability to establish or scale SOX IT compliance programs at newly public or pre-IPO companies

• Possess deep understanding of ITGCs, application controls, and risk assessments

• Familiar with AI governance and regulatory frameworks and industry standards

• Have strong project management, analytical, and communication skills

• Hold a Bachelor's degree in Information Systems, Computer Science, Accounting, or a related field

• Are passionate about building scalable processes that support organizational growth at the age of AI
  

Would be a plus

• Experience with enterprise business systems

• CISA, CIA, CPA, AIGP, CRAGE, AAIA or similar certifications 

• Experience supporting rapid company growth including via M&A, and scaling compliance programs accordingly

• Interest in or experience in both auditing and applying AI/ML technologies to audit, compliance, or risk management processes

• Understanding of relevant information security and compliance requirements

• Experience working at a high-growth AI or technology company

• Familiarity with SDLC foundations and auditing modern software development environments

We offer

• Opportunity to work on bleeding-edge projects
• Work with a highly motivated and dedicated team
• Competitive salary
• Flexible schedule
• Benefits package - medical insurance, sports
• Corporate social events
• Professional development opportunities
• Well-equipped office

About us

Grid Dynamics (NASDAQ: GDYN) is a leading provider of technology consulting, platform and product engineering, AI, and advanced analytics services. Fusing technical vision with business acumen, we solve the most pressing technical challenges and enable positive business outcomes for enterprise companies undergoing business transformation. A key differentiator for Grid Dynamics is our 8 years of experience and leadership in enterprise AI, supported by profound expertise and ongoing investment in data, analytics, cloud & DevOps, application modernization and customer experience. Founded in 2006, Grid Dynamics is headquartered in Silicon Valley with offices across the Americas, Europe, and India.