Director, IT SOX Compliance

About Gap Inc.

At Gap Inc., we create culture as much as we create clothes. Our ambition is to become a high-performing house of iconic American brands that shape culture.

Our portfolio—Old Navy, Gap, Banana Republic, and Athleta—each brings a distinct point of view to how we show up in the world and serve our customers.

Old Navy democratizes style with quality and value for all. Gap champions originality through essential pieces that celebrate individuality. Banana Republic is rooted in a spirit of discovery, creating modern pieces inspired by craftsmanship and travel. Athleta champions the Power of She through confidence, strength, and movement.

We’re driven by a shared purpose: to bridge gaps—between people, perspectives, and possibilities—to create a better world.

We’re building a team that performs at a high level—people who think boldly, take ownership, and turn ideas into impact. If you’re ready to learn fast and help shape what’s next, you’ll fit right in.

About the Role

The Director, IT SOX Compliance is responsible for the strategic leadership, execution, and continuous enhancement of the Company’s IT SOX compliance program, ensuring a robust internal control environment over financial reporting. This role serves as a key enterprise partner, collaborating closely with IT, Engineering, Finance, Controllership, Internal Audit, and external auditors to design, document, assess, and strengthen IT controls across all in-scope systems and processes.

The ideal candidate is a seasoned IT SOX leader with deep expertise in IT general controls (ITGCs), application controls, audit coordination, and complex control remediation. This individual brings strong program governance, risk-based decision-making, and executive-level stakeholder management capabilities, enabling effective oversight of compliance initiatives while driving consistency, scalability, and continuous improvement across the organization.

What You'll Do

• SOX Program Management: Lead and drive the strategy, implementation, and continuous maintenance of our IT SOX compliance program end-to-end for the enterprise.
• Risk Assessments: Oversee the annual IT risk assessment and scoping process to ensure alignment with financial reporting risks.
• ITGC & Application Control Oversight: Oversee the design and effectiveness of IT General Controls (ITGCs) and key IT application controls (ITACs), including access management, privileged access, segregation of duties, change management, computer operations, interfaces, and key reports/IPE.
• Audit Coordination: Partner with Internal Audit and external auditors to coordinate requests, walkthroughs, testing, and timely resolution of control issues.
• SOX Documentation: Maintain high-quality SOX documentation, including risk and control matrices, narratives, flowcharts, and control evidence.
• Deficiency Remediation: Drive control deficiency remediation by partnering with control owners on root cause analysis, action plans, and retesting readiness.
• System Implementations: Support system design, upgrades, and major technology changes to ensure SOX requirements are built into processes and controls.
• Third-Party Assurance: Review third-party assurance reports (e.g., SOC 1) and assess vendor controls that may impact financial reporting.
• Stakeholder Guidance: Deliver training and guidance to control owners and stakeholders on SOX expectations, documentation standards, and audit readiness.
• People Leadership: Develop and inspire others while fostering a culture of one team modeling full ownership to delivery and outcomes expected.
• Program Scalability: Identify opportunities to improve the efficiency and scalability of the SOX program through automation, metrics, and GRC tools.
• Technical Communication: Communicate technical and regulatory specifications and requirements to non-technical personnel in a clear and understandable manner.

Who You Are

• Experience: 8+ years of relevant experience in IT Audit, IT SOX compliance, Information Security, or IT Risk Management, preferably within the tech industry or a Big 4 public accounting firm.
• Leadership: 5+ years of experience leading, mentoring, and building high-performing compliance or audit teams.
• Technical Acumen: Deep understanding of modern IT operations, including cloud security architectures (AWS, Azure, GCP), DevOps practices, agile change management, and complex logical access management. Must possess proven experience evaluating large-scale system implementations, Infrastructure as Code (IaC), and workflow orchestration.
• Tool Proficiency: Hands-on experience implementing and managing GRC platforms (e.g., AuditBoard, LogicGate, MetricStream, Archer, ServiceNow).
• Analytical Skills: Strong quantitative and problem-solving skills with a proven track record of utilizing data analytics and automating manual compliance processes.
• Communication: Exceptional ability to translate complex technical and regulatory specifications to non-technical personnel and executive leadership.

Benefits at Gap Inc.

• Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.
• One of the most competitive Paid Time Off plans in the industry.*
• Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
• Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
• Employee stock purchase plan.*
• Medical, dental, vision and life insurance.*
• See more of the benefits we offer.

*For eligible employees