Director, IT SOX Compliance

About Gap Inc.

Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.     

This simple idea—that we all deserve to belong, and on our own terms—is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to  learn fast, create with audacity and lead boldly? Join our team.

About the Role

The Director, IT SOX Compliance is responsible for the strategic leadership, execution, and continuous enhancement of the Company’s IT SOX compliance program, ensuring a robust internal control environment over financial reporting. This role serves as a key enterprise partner, collaborating closely with IT, Engineering, Finance, Controllership, Internal Audit, and external auditors to design, document, assess, and strengthen IT controls across all in-scope systems and processes.

The ideal candidate is a seasoned IT SOX leader with deep expertise in IT general controls (ITGCs), application controls, audit coordination, and complex control remediation. This individual brings strong program governance, risk-based decision-making, and executive-level stakeholder management capabilities, enabling effective oversight of compliance initiatives while driving consistency, scalability, and continuous improvement across the organization.

What You'll Do

• SOX Program Management: Lead and drive the strategy, implementation, and continuous maintenance of our IT SOX compliance program end-to-end for the enterprise.
• Risk Assessments: Oversee the annual IT risk assessment and scoping process to ensure alignment with financial reporting risks.
• ITGC & Application Control Oversight: Oversee the design and effectiveness of IT General Controls (ITGCs) and key IT application controls (ITACs), including access management, privileged access, segregation of duties, change management, computer operations, interfaces, and key reports/IPE.
• Audit Coordination: Partner with Internal Audit and external auditors to coordinate requests, walkthroughs, testing, and timely resolution of control issues.
• SOX Documentation: Maintain high-quality SOX documentation, including risk and control matrices, narratives, flowcharts, and control evidence.
• Deficiency Remediation: Drive control deficiency remediation by partnering with control owners on root cause analysis, action plans, and retesting readiness.
• System Implementations: Support system design, upgrades, and major technology changes to ensure SOX requirements are built into processes and controls.
• Third-Party Assurance: Review third-party assurance reports (e.g., SOC 1) and assess vendor controls that may impact financial reporting.
• Stakeholder Guidance: Deliver training and guidance to control owners and stakeholders on SOX expectations, documentation standards, and audit readiness.
• People Leadership: Develop and inspire others while fostering a culture of one team modeling full ownership to delivery and outcomes expected.
• Program Scalability: Identify opportunities to improve the efficiency and scalability of the SOX program through automation, metrics, and GRC tools.
• Technical Communication: Communicate technical and regulatory specifications and requirements to non-technical personnel in a clear and understandable manner.

Who You Are

• Experience: 8+ years of relevant experience in IT Audit, IT SOX compliance, Information Security, or IT Risk Management, preferably within the tech industry or a Big 4 public accounting firm.
• Leadership: 5+ years of experience leading, mentoring, and building high-performing compliance or audit teams.
• Technical Acumen: Deep understanding of modern IT operations, including cloud security architectures (AWS, Azure, GCP), DevOps practices, agile change management, and complex logical access management. Must possess proven experience evaluating large-scale system implementations, Infrastructure as Code (IaC), and workflow orchestration.
• Tool Proficiency: Hands-on experience implementing and managing GRC platforms (e.g., AuditBoard, LogicGate, MetricStream, Archer, ServiceNow).
• Analytical Skills: Strong quantitative and problem-solving skills with a proven track record of utilizing data analytics and automating manual compliance processes.
• Communication: Exceptional ability to translate complex technical and regulatory specifications to non-technical personnel and executive leadership.