Director of Audit & Risk Management

Position Summary

The Director of Audit & Risk Management will lead the design, implementation and ongoing oversight of Good
360’s internal audit function, enterprise risk management (ERM) program, and compliance monitoring. This senior-leadership position will partner closely with senior executives and the Board (and its Audit & Risk Committee) to proactively identify, assess and mitigate risks inherent in the organization’s operational, financial, compliance, reputational, supply-chain and disaster-response activities.

The role will also oversee internal control assessments, manage external audit and regulatory reviews, and drive a culture of risk awareness and good governance across the organization.

• Develop and maintain an internal audit plan aligned with Good
  360’s strategic objectives, risk profile and operational footprint (including logistics, disaster-relief supply chains, product donations, nonprofit partner network).
• Lead and supervise audit engagements: financial audits, operational audits, compliance audits, information-technology and cybersecurity audits.
• Ensure timely reporting of audit findings, root-cause analysis, and follow-up on remediation plans.
• Coordinate with external auditors, regulatory auditors and other assurance providers; provide support for their work, assess their findings, and implement recommendations.
• Present audit reports, trends and risk-insights to senior leadership and the Audit & Risk Committee of the Board.
• Develop and maintain an enterprise risk management (ERM) framework: risk identification, risk assessment (likelihood/impact), risk monitoring, and risk-mitigation strategies.
• Partner with functional leads (finance, operations, logistics, IT, legal, compliance, disaster-response) to identify emerging risks (e.g., supply-chain disruptions, regulatory changes, disaster response liability, donation-compliance, reputational risks) and integrate risk mitigation into strategy and operations.
• Design and implement appropriate internal control frameworks (e.g., policies & procedures, segregation of duties, monitoring controls) to mitigate key risks in the organization.
• Monitor compliance with applicable laws, non-profit industry standards, donor restrictions, and internal policies (for example, guidelines for donated goods distribution, compliance best-practices).
• Develop or enhance risk-reporting dashboards, key risk indicators (KRIs) and risk appetite metrics for senior leadership and the Board.
• Serve as a trusted advisor to the CEO, CFO, senior management and the Board on governance, audit and risk-related matters.
• Lead or participate in enterprise initiatives (e.g., major system implementations, disaster-response logistics expansions, new program roll-outs) to ensure risks are evaluated and controls embedded proactively.
• Foster a strong compliance and risk-awareness culture across Good
  360 through training, communications and cross-functional engagement.
• Manage the internal audit & risk team: hire, develop, set goals, monitor performance and build capability.
• Ensure the organization is audit-ready—maintain documentation, processes, and tools to support efficient external and internal reviews.
• Develop metrics to measure the effectiveness of the audit and risk-management functions (e.g., closed audit findings rate, risk-mitigation effectiveness, control exceptions, trend-analysis).
• Conduct periodic reviews of the audit/risk function to benchmark against best practices in the nonprofit sector and identify improvement opportunities.
• Stay current on nonprofit governance, regulatory developments, risk-management best practices and assurance methodologies.

• Bachelor’s degree in Accounting, Finance, Business Administration, Risk Management or a related field. (Master’s degree or professional certification preferred.)
• Relevant certification such as CPA, CIA (Certified Internal Auditor), CRMA (Certification in Risk Management Assurance), or equivalent.
• Minimum of 8–12 years of progressively responsible experience in internal audit, risk-management, compliance or assurance roles—preferably within a complex global or multi-state nonprofit organization (or…