Head of SOX and Internal Controls

About the Role

The ideal candidate will have a deep understanding of SOX 404, PCAOB standards, and the COSO framework, as well as experience in designing and testing business process controls across core finance and operational processes. With Coinbase's rapid expansion into new products and markets, the ability to manage SOX in a multi-entity environment is essential.

The company's remote-first approach means that the successful candidate will be able to work from anywhere in Canada, with regular in-person working sessions, known as 'surges,' taking place quarterly. This offers a unique opportunity for professionals to work on high-impact projects without being tied to a physical location.

What You Will Do

• Own the enterprise SOX business process control framework, including scoping, risk assessment, control design standards, and documentation requirements across all in-scope entities and processes.
• Lead the annual SOX risk assessment, materiality determinations, and end-to-end design and implementation of key and non-key business controls (manual, automated, and IT-dependent).
• Partner with Controllership, FP&A, Tax, Treasury, Operations, Compliance, Legal, and Engineering to embed effective controls into core processes such as order-to-cash, procure-to-pay, record-to-report, revenue, and digital asset flows.
• Drive timely remediation of control deficiencies by designing and implementing sustainable corrective actions, and serve as the primary business controls liaison with Internal Audit and external auditors for SOX testing, walkthroughs, and evidence requests.
• Build scalable control automation and data-driven monitoring capabilities that reduce operational friction while maintaining control effectiveness and enabling early-issue detection.
• Execute regular SOX status reporting to senior leadership (CAO, CFO, Audit Committee), and establish governance forums, training, playbooks, and guidance for control owners and process owners across the organization.
• Develop and maintain a thorough understanding of the company's business processes and risks, and identify areas for improvement.
• Collaborate with the Internal Audit team to ensure that audit findings are addressed and that control weaknesses are remediated.

What We Are Looking For

• 13+ years of progressive experience in SOX, internal controls, internal audit, or risk management, with significant exposure to public company environments and leadership of large-scale SOX programs.
• Deep technical knowledge of SOX 404, PCAOB standards, and the COSO framework, with demonstrated ability to design and test business process controls across core finance and operational processes (revenue recognition, financial reporting, procurement, payroll, digital asset safeguarding).
• Professional certification such as CPA, CA, CIA, CISA, or CRMA.
• Track record of influencing senior leaders (CFO, CAO, Controller, Head of Internal Audit) and driving cross-functional initiatives without direct authority in a high-growth, technology-driven or financial services environment.
• Proficiency with ERP systems, workflow tools, and control automation technologies (e.g., RPA, data analytics, continuous control monitoring), with experience managing SOX in multi-entity or multi-jurisdictional environments.
• Utilizes generative AI responsibly, maintaining human oversight to deliver business-ready outputs.
• Excellent communication and project management skills, with the ability to work effectively in a remote environment.

Nice to Have

• Experience with cloud-based ERP systems and workflow automation tools.
• Knowledge of digital asset flows and cryptocurrency regulations.
• Familiarity with agile project management methodologies.
• Certification in a related field, such as CFE or CRISC.

Benefits and Perks

• Competitive salary and benefits package.
• Opportunity to work on high-impact projects in a rapidly growing company.
• Remote-first approach with regular in-person working sessions.
• Professional development opportunities, including training and certification programs.
• Access to cutting-edge technologies and tools.
• Comprehensive health and wellness programs.
• Generous PTO and vacation policy.
• Flexible working hours and remote work arrangements.

• Tip: When applying for this role, make sure to highlight your experience with SOX and internal controls, and be prepared to provide specific examples of your work.
• To stand out, consider obtaining a certification in a related field, such as CFE or CRISC, and emphasize your knowledge of digital asset flows and cryptocurrency regulations.
• When preparing for the interview, research the company's business processes and risks, and be ready to discuss your approach to managing SOX in a multi-entity environment.
• Consider creating a portfolio that showcases your experience with control automation and data-driven monitoring capabilities.
• Be prepared to negotiate your salary and benefits package, and don't be afraid to ask about opportunities for professional development and growth.
• Red flag: If the company is not willing to provide a clear understanding of the role and responsibilities, or if they seem unsure about their internal control framework, it may be a sign of a larger issue.