Director - GRC for SOX Systems

About the position

We are seeking an experienced and strategic Director of Governance, Risk, and Compliance (GRC). You will report to the Senior Director - GRC and help with an evolving workload in a fast-paced environment. If you are passionate about continuous learning and keeping up with cutting edge technology and influencing the future of GRC leveraging data and automation, then this is the position for you! Whether it is facilitating Mattel’s SOX compliance efforts or conducting ITGCs, we strive to enhance the effectiveness, efficiency and scalability of the company’s processes, systems, and underlying IT control environment. You will be expected to problem solve, collaborate, and move fast while keeping attention to detail. Position is expected to be Onsite role: El Segundo, CA. The Director will be instrumental in building a world-class IT GRC function, that provides assurance and advisory services regarding Mattel’s IT & Security governance, risk and control effectiveness. The Director must demonstrate significant experience with assessing risk and demonstrate excellence in designing and implementing a risk-based approach.

Responsibilities

• Partnering and strengthening relationships with key stakeholders (including Internal Audit, IT Engineering, Product Security teams, and external auditors) for ongoing risk assessments, proactive insights on risks and oversight on planned audit(s) planning & execution.
• Deep dive into Mattel’s IT environment to develop broad domain and technical understanding of our key policies, risks & controls in place to ensure that Mattel has a controlled IT environment.
• Overseeing the coordination and delivery of ITGCs and other IT controls to internal and external audit. Facilitate and lead IT control remediation efforts.
• Be a GRC Liaison for all system implementations and its SDLC processes.
• Develop and implement the GRC strategy aligned with organizational goals and regulatory requirements.
• Design and execute a comprehensive risk-based annual IT & Security internal GRC & audit plan for approval by all stakeholders that identifies and evaluates risk areas, controls, and compliance with internal policies and external regulations.
• Conduct risk assessments to identify system vulnerabilities, compliance gaps, and areas for improvement, ensuring robust protection against security threats and mismanagement.
• Lead, mentor, and develop our high-performing GRC team, fostering a culture of continuous improvement and professional growth.
• Prepare and communicate clear, concise reports to senior management, highlighting significant findings, risks, and recommendations for improvement.
• Work closely with key stakeholders, including Engineering, Product Management, Security / IT risk management, IT Enterprise Apps teams, to build strong working relationships and facilitate collaborative approaches to managing risk.
• Recommend enhancements to internal controls and processes based on audit findings and industry best practices.
• Conduct training sessions to promote awareness of internal controls, risk management, and compliance across the organization.

Requirements

• 15+ years of experience with a combination of IT / Security / audit and Tech Industry background.
• 10+ years in managing and building high performing teams.
• Experience with system implementations like Oracle Cloud.
• Hands-on experience with GRC platforms (e.g., AuditBoard, Fastpath, Archer, ServiceNow, etc.) and risk management tools.
• Experience in leading an IT / Security audit function.
• Bachelor’s or Master’s degree in Computer Science, Information Technology or Systems; or relevant MBA.
• CISA, CISSP, CISM, or similar certifications.
• Relevant work experience in IT SOX, other Technology or System audits and SOC 1 / SOC 2 / ISO / CIS controls assessment.
• In-depth knowledge of IT / IS management concepts such as logical access management, cybersecurity, change management and relevant auditing standards, compliance regulations, and risk assessment methodologies.
• A record of delivery of IT process improvement projects with technology processes and/or major tech companies along with generating automated metrics to measure effectiveness and consistency.
• Experience in technical security design, compliance consulting, or advisory work in support of a highly technical environment.
• Experience with cloud-based security & deployment practices, and certifications like AWS, Azure and Google Cloud is strongly preferred.
• Strong quantitative, analytical, data-intuition, and problem-solving skills, and proficiency in data analytics techniques.
• Working knowledge of internal controls and auditing techniques.
• Detail and team orientated; ability to work both independently and as a team member.
• Self-starter, ability to proactively problem-solve, identify, advocate for and execute improvements.
• Ability to manage multiple, concurrent projects efficiently and effectively.
• Effectively manage relationships with senior management and other key stakeholders.

Benefits

• Competitive total pay programs
• Comprehensive benefits
• Resources to help empower a culture where every employee can reach their full potential