
Director, IT Internal Controls & Risk Compliance

McGraw Hill
$124,000 - $165,000
United States, Ohio, Columbus
8787 Orion Place
Apr 07, 2026
Overview

Build the Future
At McGraw Hill, we are dedicated to delivering digital learning experiences that transform education for learners and educators. Our focus is on creating seamless, impactful products that truly benefit our users while supporting growth and collaboration across teams. We foster a culture that values innovation, teamwork, and a balance between career growth and personal well-being.

How can you make an impact?

The Director, IT Internal Controls & Risk Compliance for the Digital Enterprise Solutions (DES) organization leads the company's Sarbanes-Oxley (SOX) compliance implementation and establishes a scalable and sustainable IT control and governance framework appropriate for our dynamic environment. This role serves as the primary IT lead for SOX compliance, partnering with DES leadership, Finance, Internal Audit, and External Audit to design, document, test, remediate, and standardize controls across a complex landscape including McGraw Hill's digital products, Oracle ERP, data and analytics environment, and multiple in-scope financial and operational applications. The ideal candidate leverages deep IT audit experience, strong technical understanding of complex multi-system environments, and exceptional leadership skills to drive compliance and mature our IT governance program, evolving beyond initial SOX implementation into broader risk management leadership.

This is a remote position open to applicants authorized to work for any employer within the United States.

What You'll Do:

  1. Audit Execution and Risk Assessment: Plan and develop audit scope for complex assessments including SOX and SOC2 audits; participate in end-to-end engagements from planning through risk assessment, execution, reporting, issue validation, and follow-up; apply a robust understanding of business and IT risks and how controls address these risks. Provide advisory support to Internal Audit on operational or non-SOX IT audits as needed.
  2. Internal Controls & Remediation: Provide guidance to control owners on designing and implementing effective controls, ensure timely remediation of deficiencies, recommend improvements; design and implement controls for new entities and evolving business processes; support SOX readiness initiatives and system implementations to embed business, IT, and automated controls appropriately.
  3. SOX and Compliance Expertise: Apply strong knowledge of SOX requirements, internal control frameworks (COSO, COBIT, NIST), and risk assessment principles to identify control gaps, assess risks, and recommend practical, business-focused solutions; effectively communicate SOX control concepts, audit findings, and remediation expectations to process owners and management, including senior leadership.
  4. IT Controls Implementation & Sustainment: Lead evaluation and implementation of IT General Controls, including user access provisioning/deprovisioning and periodic reviews, segregation of duties considerations, change management and release controls, and operations controls (interfaces, batch processing, backups, monitoring); assess and document controls across complex application landscapes such as digital products, Oracle ERP, legacy/custom, and SaaS; maintain comprehensive risk & control matrices, narratives, and system architecture documentation; partner with Finance and other stakeholders to identify IT-dependent controls and support audit walkthroughs and testing.
  5. Program Development & Sustainability: Participate in the building of an enterprise IT risk and compliance program beyond initial SOX implementation; maintain an inventory of in-scope applications, infrastructure, and related risks; align IT risk management with enterprise and DES risk initiatives; support development of IT policies and standards, and the creation of metrics for executive, Committee, and Audit reporting; integrate recognized governance frameworks and establish sustainable compliance monitoring processes.
  6. Collaboration & Coordination: Coordinate audit activities with external auditors to maximize efficiency, leverage work performed, and minimize disruption to the business; build strong relationships across DES, IT, Finance, Internal Audit, and business partners; collaborate effectively to partner across functions and stakeholders.

Who You Are:

  • 7+ years of progressive experience in IT audit, IT risk management, or SOX compliance within a complex corporate environment.
  • Proven track record in planning and executing internal, SOX (Business & IT), operational, and IT audits
  • Experience supporting SOX implementations or major control transformations preferred
  • Experience working with PCAOB-regulated auditors
  • Familiarity with audit management tools
  • Big 4 or equivalent public-company experience preferred
  • Advanced understanding of internal control frameworks and risk assessment methodology
  • Exceptional leadership, communication, problem-solving, critical thinking, and stakeholder management capabilities
  • Ability to coach and guide control owners; demonstrated ability to build consensus and work across a matrixed organization.

Why work for us?

The work you do at McGraw Hill will be work that matters. We are collectively building experiences that will help shape the future of education. Play your part and experience a sense of fulfilment that will inspire you to even greater heights.

The pay range for this position is between $124,000 and $165,000 annually. However, base pay offered may vary depending on job-related knowledge, skills, experience, and location. An annual bonus plan may be provided as part of the compensation package, in addition to a full range of medical and/or other benefits, depending on the position offered. Click here to learn more about our benefit offerings.

McGraw Hill recruiters always use an "@mheducation.com" email address and/or contact candidates through our Applicant Tracking System, iCIMS. Any variation of this email domain should be considered suspicious. Additionally, McGraw Hill recruiters and authorized representatives will never request sensitive information in email.

50606

McGraw Hill uses an automated employment decision tool (AEDT) to assist in the screening process by recommending candidates with "like skills" based on resume and job data. To request an alternative screening process, please select "Opt-Out" when asked to "Consent to use of Automated Employment Decision Tools" during the application.
