IT Governance, Risk & Compliance Manager (SOX) Own and uplift the IT controls that keep Zip secure, compliant and audit-ready Bring deep experience in SOX, IT assurance and control design within cloud and SaaS environments Hybrid working from our Sydney office so you can collaborate meaningfully while doing your best work Write your story with a career at Zip Join Zip’s Technology function, responsible for building and maintaining seamless, secure and sustainable platforms that enable customers to shop with confidence and merchant partners to grow their brands. In this team, we obsess over resilience, safety and trust, working collaboratively to ensure our systems scale securely as Zip continues to grow. As our IT GRC Manager (SOX), you will own the IT component of Zip’s Sarbanes-Oxley (SOX) compliance program for Internal Controls over Financial Reporting. Reporting into Zip’s Director of Security, you’ll be the connective tissue between Technology, Finance SOX, Enterprise Risk, and external auditors, ensuring our controls are designed and operating effectively. This is a hands-on audit and assurance role focused on governance, coordination and control effectiveness, giving you the opportunity to partner deeply across the business while strengthening Zip’s risk and compliance maturity. What you'll Own Lead annual SOX scoping, planning and reliance strategies in partnership with Finance SOX and Enterprise Risk, ensuring clear alignment across the organisation. Maintain Zip’s IT Risk and Control Matrix in line with COSO 2013 and PCAOB standards, ensuring our control environment is accurate, resilient and fit for purpose. Conduct walkthroughs, testing and documentation of IT General Controls and key application controls to ensure they are operating effectively. Manage evidence requests, sampling, re-performance testing and all PBC coordination with auditors. Validate Information Produced by the Entity, ensuring accuracy and completeness of key reports and data sets used in ICFR. Review SOC 1 and SOC 2 reports, assess CUECs and confirm Zip’s internal controls address any identified requirements. Tack, validate and report on remediation progress for IT control deficiencies, providing clear visibility to leadership, Finance SOX and ERM. Deliver regular ICFR testing status updates and insights to internal stakeholders and external auditors. What you'll bring to the team 6 plus years’ experience in IT audit, IT governance or SOX compliance, with hands-on ownership of IT SOX programs Strong working knowledge of SOX Sections 302 and 404, COSO 2013 and PCAOB AS 2201\ Proven experience conducting ITGC walkthroughs, testing and evidence validation within ICFR environments Understanding of cloud and SaaS architectures and their impact on control design and assurance Clear written and verbal communication skills, with the ability to translate technical concepts into audit-ready documentation Experience using GRC or audit workpaper platforms, with strong Excel capability for sampling, data validation and IPE analysis A mindset that embraces AI and new tools to adapt, learn and grow. An aptitude for identifying and managing risks. Whether you are a People Manager or an Individual Contributor, we are all leaders at Zip, therefore effective risk management is important to how we run our business and part of all our roles. Our values in your DNA: Customer First, Own It, Stronger Together and Change the Game What you’ll get in return As we write this next exciting chapter in our story, we will continue to move at pace and embrace change. For you, this might mean opportunities to learn new skills with hands-on experience, broader responsibilities, or the buzz of seeing your work impact customers faster. Zip is a place where you’ll get out exactly what you put in. When you join the team, we'll do our best to make sure you can be yourself and surround yourself with smart, friendly colleagues and leaders who have your back, so that you can make the big things happen. Zipsters tell us these are just some of the best things about working here. You’ll also receive: 25 days paid leave annually, including birthday leave and quarterly wellbeing days 16 weeks paid parental leave for primary carers, and 4 weeks for supporting carers Family support policies including miscarriage bereavement leave and domestic violence leave Mental health and wellness initiatives, including $299 annual wellbeing allowance, free access for you and family members to our EAP service Sonder, discounted private health insurance and great rates on fitness sessions through ClassPass Access to the Flare Benefits Hub and Novated Leasing for savings across lifestyle, essentials and wellbeing 2 days paid volunteering leave per year Fee-free Zip products, and discounts with Zip merchant partners Team social events, epic offices, free breakfast daily, and weekly free lunches Be a part of a team that reflects the diversity of our customers We pride ourselves on being a workplace that provides equal opportunities to people of all ages, cultural backgrounds, sexual orientations, gender identities, abilities, veteran status, and everything else that makes you unique. Equally, we’re committed to ensuring our recruitment processes are accessible and inclusive. Please let us know If there are any adjustments that need to be made to ensure you have a fair and equitable experience. And finally…get to know us Zip Co Limited (ASX: ZIP) is a digital financial services company, offering innovative, people-centred products that bring customers and merchants together. Operating in two core markets - Australia and New Zealand (ANZ) and the US, Zip offers point-of-sale credit and digital payment services, connecting millions of customers with its global network of tens of thousands of merchants. We’re proud to be a values-led business and our values - Customer First, Own it, Stronger Together and Change the Game - guide us in everything we do. LI-Hybrid