Director, Technology Risk & Controls

OneStream Software
$138,000.00 - $172,250.00 (Range applies to US candidates only) + Benefits/Variable Comp/Equity - Range may vary based on experience.
life insurance, vision insurance, paid holidays, long term disability, 401(k), retirement plan
United States, Michigan, Birmingham
191 North Chester Street
Aug 21, 2025
Description

Director, Technology Risk & Controls

Location: Hybrid, Birmingham, MI
Employment Type: Full-Time
Compensation: $138,000.00 - $172,250.00 (Range applies to US candidates only) + Benefits/Variable Comp/Equity - Range may vary based on experience.
Benefits Offered: Vision, Medical, Life, Dental, 401K

Summary

As a growing software company, the solutions we offer our customers are dynamic. We seek to stay ahead of trends surrounding data security and compliance with global technical controls. Our latest strategic direction has opened new requirements around data security and internal process standards, as well as external audit requirements surrounding the integrity of data processing and financial reporting.

The Director of Technology Risk & Controls plays a strategic leadership role in identifying, managing, and mitigating technology-related risks across the organization. This position serves as a key advisor in ensuring regulatory compliance and embedding a robust control environment that supports both operational excellence and audit readiness. Responsibilities would include assessing new initiatives to identify potential impacts on SOX and other regulatory frameworks; leading compliance oversight by ensuring adherence to standards including SOX by guiding and monitoring identity governance practices; strengthening the technical controls environment by partnering with business and technology stakeholders to embed effective IT and Information Security controls that support governance, risk management, and compliance; and supporting enterprise audits by evaluating the risks associated with current technical processes and procedures and documenting findings and actionable recommendations.

Ideal candidates will be self-starters, accountable, results-driven, ethical, hard-working, personable, persistent, flexible, adaptable, curious and assertive. Having a strong sense of ownership, as well as working independently and with a team, will help you be successful in this role.

Primary Duties and Responsibilities



  • Execute the Technology Risk & Controls strategy across multiple domains.
  • Lead the identity governance program aligned with enterprise risk priorities.
  • Update and manage segregation of duties rulesets and conflicts for critical systems.
  • Oversee the design and implementation of IT controls, including SOX, cybersecurity, and operational controls.
  • Monitor control effectiveness and drive remediation efforts for identified gaps.
  • Establish continuous control monitoring programs using data analytics and automation.
  • Collaborate with senior leadership, audit, compliance, and business units to ensure risk transparency.
  • Develop and improve risk frameworks, control matrices, and assessment methodologies.
  • Partner with Internal Audit and Compliance teams to ensure proper SOX controls are defined and tested for new and existing projects.
  • Conduct risk evaluations for technology initiatives, identifying gaps and recommending remediation plans.
  • Provide advisory guidance on SOX and general controls during system implementations, upgrades, and process changes.
  • Act as a key stakeholder in project planning and development to assess risk and control implications.
  • Serve as a liaison with regulators and external auditors during assessments and reviews.
  • Communicate risk posture and mitigation plans to executive stakeholders.
  • Foster a culture of accountability, innovation, and continuous improvement.
  • Lead change initiatives to enhance the organization's risk maturity.
  • Participate in security incident investigations.
  • Gather internal evidence to support processes and procedures.
  • Assist with the preparation of work papers and supporting documentation.
  • Assist in maintaining audit records and develop testing metrics.



Required Education and Experience



  • BA/BS Degree or relevant combination of education and experience. MBA or MS in Accounting, Technical Operations, Security or Management.
  • 15+ years of experience in a compliance capacity related to at least one of the following areas:

    • Internal Audit - Technical functions.
    • External Audit Requirements for Financial Reporting.
    • Service Organization Controls (SOC).
    • HIPAA.
    • SOX.
    • ISO.
    • FedRAMP.


  • Strong track record in people management, to include:

    • Managing large teams of both direct reports and peers to facilitate engagements.
    • Running succession planning programs.
    • Identifying and coaching future leaders.
    • Building teams or functions from scratch or repurposing them.
    • Significant experience in auditing technical controls.


  • Experience with IT Security & Infrastructure, Security Risk Management, SOC 2, FedRAMP, Security Policies and Procedures, Security Testing and Auditing, Internal Audit.
  • Nice-to-have one or more of the following certifications:

    • Certified Information Systems Security Professional (CISSP).
    • Certified Public Accountant (CPA).
    • Certified Internal Auditor (CIA).
    • Information Technology Infrastructure Library (ITIL) Foundation.
    • ISO Internal Auditor.


  • Strong sense of urgency and solution-oriented mindset.
  • Strategic thinking and decision-making.
  • Excellent analytical, organizational, and project management skills.
  • Proficiency with Microsoft Office (Word, Excel, PowerPoint).



Knowledge, Skills, and Abilities



  • Professional.
  • Ethical.
  • Credible.
  • Competitive.
  • Outgoing.
  • Humble.
  • Confident.
  • Detail-oriented.
  • Able to multi-task.



Who We Are

OneStream is how today's Finance teams can go beyond just reporting on the past and Take Finance Further by steering the business to the future. It's the only enterprise finance platform that unifies financial and operational data, embeds AI for better decisions and productivity, and empowers the CFO to become a critical driver of business strategy and execution. Our vision is to be the operating system for modern finance, digitizing core financial functions and empowering the CFO to become a critical driver of business strategy. To learn more visit www.onestream.com.

Why Join The OneStream Team



  • Transparency around corporate structure, salary, and benefits
  • Core value of customer success
  • Variety of project work (not industry-specific)
  • Strong culture and camaraderie
  • Multiple training opportunities



Benefits at OneStream
OneStream employees are passionate, hardworking individuals who go above and beyond to keep our customers happy and follow through on our mission statement. They consistently deliver the best and in turn, we make every effort to keep them cared for and happy. A sample of the benefits we provide includes:



  • Excellent Medical Plan
  • Dental & Vision Insurance
  • Life Insurance
  • Short & Long Term Disability
  • Vacation Time
  • Paid Holidays
  • Professional Development
  • Retirement Plan



All candidates must be legally authorized to work for any company in the country where this position is located without sponsorship.

OneStream is an Equal Opportunity Employer.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.