Director, IT SOX & Internal Controls

Company Description

Guardant Health is a leading precision oncology company focused on guarding wellness and giving every person more time free from cancer. Founded in 2012, Guardant is transforming patient care and accelerating new cancer therapies by providing critical insights into what drives disease through its advanced blood and tissue tests, real-world data and AI analytics. Guardant tests help improve outcomes across all stages of care, including screening to find cancer early, monitoring for recurrence in early-stage cancer, and treatment selection for patients with advanced cancer. For more information, visit guardanthealth.com and follow the company on LinkedIn, X (Twitter) and Facebook.

Guardant Health is seeking a Director, IT SOX & Internal Controls to join our Global Internal Controls & SOX Compliance Team. This role is responsible for the organization’s IT SOX compliance, operational audit readiness, and technology risk management. The ideal candidate possesses extensive SOX and audit expertise, coupled with strong leadership and technical acumen. They should understand system architecture, data flows, and programming to improve control automation and monitoring. This cross-functional position collaborates with the CIO’s organization, Finance, and other teams to ensure SOX 404 compliance and effective and sustainable internal controls in a rapidly scaling, technology-driven environment.

If you possess a bright mind, a friendly disposition, an insatiable curiosity for knowledge, perceive challenges as steppingstones to learning, are driven by the pursuit of novel experiences and obstacles, and derive immense satisfaction from collaborating with both humans and artificial intelligence, we would be delighted to engage in a conversation with you.

This is a hybrid work arrangement, with three days in our Palo Alto office and two days working remotely, reporting to our Head of Global Internal Controls and SOX Compliance.

You're excited about this opportunity because you will…

IT SOX Program Leadership

• Lead and manage the organization's end-to-end IT SOX compliance program for business processes, encompassing the following responsibilities: scoping, risk assessment, control design, testing, issue remediation, and management reporting.
• Assess the design and operational effectiveness of IT General Controls (access management, change management, computer operations) and IT Application Controls (ITACs) throughout the company’s technology infrastructure, considering their end-to-end impact on financial reporting.
• Drive IT controls rationalization initiatives to optimize the control environment and increase reliance on IT automated controls (ITACs).
• Pioneer the use of AI and automation technologies to enhance control effectiveness, continuous monitoring, and risk detection.
• Provide comprehensive and succinct reporting on the status of control health, emerging risks, and compliance roadmap aligned with organizational growth.
• Remediation Oversight: Collaborate with process owners to develop complete remediation plans for control deficiencies, ensuring that the root causes are identified, validated, and scalable.
  
  

External Audit Management

• Be the primary IT point of contact for external auditors, ensuring the seamless coordination of testing procedures and the timely implementation of remedial actions for identified deficiencies.
• Drive reliance strategy discussions and minimize duplication of testing.
  
  

Strategic Risk Advisory

• Partner with IT Infrastructure & Operations, Business Applications, Software Engineering, and Security teams to provide proactive guidance on control design for new system implementations, cloud migrations, infrastructure changes and platform upgrades, and new product launches.
• Cohort with Security team on identity management and third-party risk management.
  
  

Process Automation & Efficiencies

• Drive efficiency by transitioning from traditional point-in-time testing to continuous monitoring using data analytics and automation tools.
• Identify emerging risks associated with SOX and IT GRC compliance, and their potential impact on business operations and system transformations.
• Maintain a broad understanding of audit guidelines and emerging technological risks.
  
  

Leadership & Management Reporting

• Lead and develop team members, including coaching, performance management, and skill development.
• Cultivate cross-functional collaboration among teams without direct authority, while simultaneously promoting a robust internal control framework, fostering ownership and accountability.
• Translate technical IT and compliance risks into financial reporting controls and business impact.
• Collaborate with Finance leadership to ensure IT risks are appropriately reflected in management certifications and disclosures.
  
  

Qualifications

We're excited about you because you have…

• Bachelor’s degree (or equivalent experience) in Information Systems, or a related field. Master’s degree or CISA preferred.
• 12 overall years of hands-on audit experience in information technology, audit, SOX compliance, cloud applications, information security, networks, and infrastructure.
• 5 years of leadership experience in a fast-paced, global environment.
• Strong project management and organizational skills with the ability to oversee complex programs.
• Strong critical thinking mindset, analytical and problem-solving skills with exceptional attention to detail.
• Outstanding communication and leadership skills to influence and collaborate at all levels.
  
  

Technical Expertise Requirements

• Strong understanding of internal controls over financial reporting (ICFR), COSO, COBIT, and NIST frameworks, and the ability to audit complex SDLC/Agile processes.
• Cloud Infrastructure: Hands-on experience auditing AWS or Azure environments.
• Solid programming or scripting skills (e.g., SQL, Python, PowerShell, or similar).
• Systems: Experience with Oracle, Salesforce, Workday, and Lab systems (i.e., LabVantage)
• Analytics & Automation: Proficiency with data analytics, AI & GRC tools (e.g., Tableau, AuditBoard).
• Software Lifecycle: Deep familiarity with modern CI/CD pipelines & automated deployment controls.
  
  

Nice to Have…

• Life Science /Healthcare industry experience.
  
  

Why Guardant Health?

• As a member of the Guardant Health Global Internal Controls team, you will have numerous opportunities to collaborate with diverse and highly motivated individuals. You are encouraged to embrace your authentic self and serve as a role model for your colleagues.
• We are a successful, fast-growing Life Sciences company, conquering cancer with data and wellness!
• We are committed to our patients, partners, peers, fostering transparency, boldness & being original.
• We are passionate about problem-solving, creative thinking, and impact-driven work achieved through strategic collaboration and efficient processes.
• We uphold the principles of autonomy, initiative, and recognizing that every moment matters.
• We approach our work with utmost seriousness, yet we also make time to celebrate and enjoy ourselves.
  
  

Hybrid Work Model: This section is applicable to onsite employees who are eligible for hybrid work location as specified by management and related policies. Guardant has defined days for in-person/onsite collaboration and work-from-home days for individual-focused time. All U.S. employees who live within 50 miles of a Guardant facility will be required to be onsite on Mondays, Tuesdays, and Thursdays. We have found aligning our scheduled in-office days allows our teams to do the best work and creates the focused thinking time our innovative work requires. At Guardant, our work model has created flexibility for better work-life balance while keeping teams connected to advance our science for our patients.

The annualized base salary ranges for the primary location and any additional locations are listed below. This range does not include benefits or, if applicable, bonus, commission, or equity. Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, education, job-related skills, job duties, and business need. Primary Location: Palo Alto, CA Primary Location Base Pay Range: $197,200 - $271,150 Other US Location(s) Base Pay Range: $167,620 - $230,478 If the role is performed in Colorado, the pay range for this job is: $177,480 - $244,035

Employee may be required to lift routine office supplies and use office equipment. Majority of the work is performed in a desk/office environment; however, there may be exposure to high noise levels, fumes, and biohazard material in the laboratory environment. Ability to sit for extended periods of time.

Guardant Health is committed to providing reasonable accommodations in our hiring processes for candidates with disabilities, long-term conditions, mental health conditions, or sincerely held religious beliefs. If you need support, please reach out to Peopleteam@guardanthealth.com

A background screening including criminal history is required for this role. GH will consider qualified applicants with criminal arrest or conviction histories in a manner consistent with applicable law including but not limited to the LA County Fair Chance Policies and the Fair Chance Act (Gov. Code Section 12952).

Guardant Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

All your information will be kept confidential according to EEO guidelines.

To learn more about the information collected when you apply for a position at Guardant Health, Inc. and how it is used, please review our Privacy Notice for Job Applicants.

Please visit our career page at: http://www.guardanthealth.com/jobs/