IT SOX Compliance Director
Coupang is reimagining the shopping experience with the goal of wowing each customer from the instant they open the Coupang app to the moment an order is delivered to their door.
Powered by an outstanding end-to-end e-commerce and logistics network and a fanatical culture of customer centricity, Coupang has broken tradeoffs around speed, selection and price. Today, we provide exceedingly fast shipping speeds on millions of items including fresh groceries, delivered within hours nationwide, 365 days a year.
We are doing this for millions of consumers in Korea. Korea is home to one of the largest and fastest growing e-commerce opportunities anywhere in the world.
IT SOX Compliance Director – relocation to Seoul is preferred.
Coupang is looking for an Information Technology (IT) leader who will be responsible for the IT Sarbanes Oxley (SOX 404) Compliance activities. This role will ensure the effective execution of the SOX ITGC controls for Coupang IT functions, including affiliates.
Roles and Responsibilities:
Risk Assessment and Change Management
- Participate in the annual and quarterly SOX risk assessment activities with Finance Controls and Internal Audit teams to determine scope changes to SOX applications, infrastructure and supporting tools (app additions, updates, use case changes).
- For each application change, develop an understanding of its relevance to the end-to-end financial reporting process to identify relevant IT general controls across the five key domains (Logical Access, Change Management, Program Development, Computer Operations, and 3rd Party Service Organization Controls)
- For each relevant ITGC identified above, perform a gap assessment to determine whether additional effort is needed to design and/or implement the control on the newly added or updated application.
- Coordinate with relevant IT and Engineering process owners to help define and design requirements and controls.
- Monitor, track, and report on the progress for implementing new requirements and controls
SOX Compliance on New Systems Development
- Through close interactions with IT, Engineering and Finance leadership, identify new systems development plans or upgrades to existing systems relevant to financial reporting.
- Work with relevant teams to ensure IT SOX controls are built into the planning, development, testing, data conversion, and go-live phases.
- Manage ITGC narratives, Risk and Controls Matrix, and the inventory of SOX in-scope IT systems, applications, supporting tools, and financial data flow mapping and keep them up to date on a quarterly basis.
- Implement a process to monitor and ensure that in-scope repos and UAR entitlements are maintained and kept up to date by the Engineering and IT Security teams, respectively.
- Perform a review of IT policies semi-annually and recommend necessary updates to IT Policy owners.
- Ensure all ITGC Documentation, findings and audit requests are stored, collaborated on and accessible on the Company’s centralized SOX program management tool (Workiva)
- Define IT SOX training requirements, develop a training program, and execute such trainings with a defined frequency for relevant existing and new employees.
- Maintain an awareness of new and emerging IT risks, regulations and trends that impact technology controls and adjust IT risk assessments and IT controls accordingly
- Participate in and lead meetings to train and discuss IT risks and the Company’s IT control environment
- Be a hands-on contributor, writing and maintaining IT SOX technical memos, running reports, change management reports, and presenting results to stakeholders
- Develop an in-depth understanding of in-scope ITACs and Key Reports.
- Monitor continued adequacy of ITAC and Key Report configurations
- Seek, rationalize, and advocate opportunities for improving automation and IT controls around key reports used by Finance and Accounting personnel.
Program Management, Reporting, and Liaison
- Provide PMO support for internal and external IT control audits, participate in IT walkthroughs, and assist management in responding to internal and external auditor requests relating to ITGCs, IT Application Controls (ITACs), and Key Reports configurations.
- Effectively communicate status of IT control activities, verbally and in writing. Ensure that stakeholders are kept up to date on key information.
Deficiencies and Improvements
- Drive IT control deficiency remediation efforts, including conducting root cause analysis and impact analysis, identifying mitigating controls, creating remediation plans, and coordinating hands-on with IT process owners to ensure the success of remediation activities
- Perform quarterly IT deficiency evaluations in coordination with Finance Internal Controls Team.
- Assist IT and Engineering management in the creation of a controls improvement strategy, and oversee implementation of those control improvements
- In partnership with Finance Internal Controls, Security, Engineering, and Corp IT teams, monitor SOD conflicts with defined frequency, identify adequate mitigations, and oversee removal of unmitigated conflicting roles.
- Maintain an inventory of SOX in-scope 3rd party service organizations, obtain, and evaluate SOC reports based on a defined frequency, document results, and lead remediation of any unmitigated risks.
- Manage a team that is responsible for the overall program, including performing managerial duties and oversight into day-to-day activities, including performance management, and development goals.
- Other duties as may be required to fulfill the role
Education / Skills / Experience:
- Bachelor’s degree in computer science, mathematics, management/computer information systems, accounting, or a related field. MBA or relevant graduate degree preferred – can be replaced by experience
- Minimum 10 years of related work experience in information technology SOX compliance, IT risk management, or related fields
- Expert knowledge of Sarbanes-Oxley Section 404 (SOX) and IT General Controls
- Professional auditing, security, or technology designation (e.g., CIA, CISA, CISSP, CISRM, etc.)
- Knowledge of IT / Information Security risks and controls principles
- Experience with controls or risk management for enterprise and web applications, IT security practices, privacy, and various infrastructure platforms
- Expertise in analyzing, diagnosing, and resolving complex IT problems
- Solid understanding of leading practices around IT controls, such as COBIT and the COSO Internal Control – Integrated Framework.
- Strong familiarity with AWS services and containerized distributed systems
- Strong familiarity with relational, object-oriented and messaging queue infrastructure
Other Key Attributes
- Excellent written and oral communication
- Ruthless Prioritization: Self-directed and accountable with the ability to manage competing tasks within specified deadlines
- Move with Urgency: Proven track record driving tangible results on short deadlines
- Strategic thinking and implementation
- Comfortable with Executive engagement and communication
- Interpersonal and relationship development communication skills
- Ability to be collaborative and to encourage collaboration
- Ability to positively influence others
Recruitment Process and Others
1. Recruitment Process: Application Review - Phone Interview - Onsite Interview - Offer
(The recruitment process may be different depending on the job and may be changed due to scheduling and circumstances.)
a. This job post may be closed early if all openings are filled.
b. If there is any false information in the application, the offer may be cancelled.
c. Veteran status or disability will not result in any disadvantages in the recruitment process.
d. The applicant will be informed of interview schedules and results via the e-mail address submitted at the application stage.