Job Description
Why Join GEICO?
At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive on relentless innovation to exceed our customers' expectations while making a real impact on local communities nationwide. Founded in 1936, GEICO is a member of the Berkshire Hathaway family of companies and one of the largest auto insurers in the United States. When you join our company, we want you to feel valued, supported, and proud to work here. That's why we offer the GEICO Pledge: Great Company, Great Culture, Great Rewards, and Great Careers.
The Director, SOX Program Management Office (PMO) leads the company's Sarbanes-Oxley compliance program end-to-end and serves as the single accountable management owner for the design, documentation, and operating governance of Internal Control over Financial Reporting (ICFR) across both business processes and technology. The Director also owns the company's NAIC Model Audit Rule (MAR) ICFR program for statutory financial reporting, operated as an integrated extension of SOX given the substantial overlap in controls, processes, and evidence. The role reports directly to the Controller and partners closely with the CFO, Internal Auditors, External Auditors, CIO, and the parent company's Corporate SOX function to deliver an effective, efficient, and risk-aligned controls program in support of management's assertions under Section 302 and 404 of Sarbanes-Oxley and Section 16 of the NAIC Annual Financial Reporting Model Regulation (Model #205). Independent testing of controls will be performed by an independent and separate function. The Director is responsible for the program, the framework, and the partnership with control owners; the Director is not responsible for performing or directing independent testing.
ROLE IN CONTEXT
THREE LINES ALIGNMENT
This role is positioned as a function within Finance with strong governance lines into IT and business process owners.
Function | Accountability for SOX / ICFR
Process & Control Owners (Finance, Claims, Underwriting, Actuarial, IT, etc.) | Design, consistently execute, and self-attest to controls; own remediation of identified deficiencies.
SOX PMO (this role) | Owns the SOX program: scoping, risk assessment, control framework, documentation standards, deficiency aggregation, and reporting.
Internal Audit | Independent testing of ICFR and separate independent audit of test results
KEY RESPONSIBILITIES
1. SOX Program Leadership and Strategy
Own the annual SOX program lifecycle for the entity, including scoping, planning, execution oversight, control automation and optimization efforts, deficiency evaluation, certification support, and year-end conclusion.
Maintain alignment with the parent company's consolidated SOX program, including conformity with corporate methodology, scoping thresholds, and reporting cadences, while tailoring execution to the carrier's P&C business model.
Define and continuously improve the SOX operating model, including roles, RACI, calendar, key milestones, and intersection points with External Audit, Internal Audit, and IT.
Drive program efficiency through control rationalization, automation, continuous controls monitoring, and AI-enabled documentation and review.
2. Risk Assessment and Scoping
Lead the annual SOX risk assessment covering financial statement materiality, qualitative factors, fraud risk, and significant accounts and disclosures.
Determine in-scope entities, locations, processes, applications, and service providers (including SOC reliance) using a documented, defensible methodology.
Maintain SOX risk and control inventory, Key and non-Key designations, and accuracy of ownership, related systems and reports, etc.
Drive continuous updates where applicable due to changes in process, system, volumes, and/or accounting guidance.
3. Business Process ICFR Ownership
Own the framework, documentation standards, and quality of business process flowcharts and risk-and-control matrices (RCMs).
Partner with process owners across Finance, Actuarial, Claims, Underwriting, Premium, Reinsurance, Treasury, and Tax to ensure controls are well-designed, properly documented, and operating as intended.
Apply heightened rigor to Management Review Controls (MRCs), addressing precision, evidence of review, criteria, and outlier follow-through consistent with PCAOB expectations.
Review controls over the financial close such as journal entries, account reconciliations, and disclosure committee processes.
Govern the entity-level control (ELC) and COSO framework.
4. Technology ICFR (ITGC and Automated/IPE Controls) Ownership
Own the IT general controls (ITGC) framework in partnership with IT leadership, covering logical access, change management, computer operations, and SDLC for in-scope systems (policy administration, claims, billing, general ledger, reserving, reinsurance, data warehouses, and reporting).
Drive standards for automated application controls, system-generated reports, and Information Produced by the Entity (IPE), including completeness and accuracy validation.
Govern the SOC reliance program for in-scope service providers: bridge letter monitoring, CUEC evaluation, and gap remediation.
Support cloud, RPA, and AI/agentic system controls evaluation as the technology footprint evolves; coordinate with the AI governance and TPRM functions on emerging risks.
5. Model Audit Rule (MAR) Statutory ICFR Oversight
Own the carrier's annual MAR program under the NAIC Annual Financial Reporting Model Regulation (Model #205), Section 16, including Management's Report of Internal Control over Financial Reporting for the statutory financial statements.
Operate MAR as an integrated extension of SOX: leverage the same control inventory, evidence, walkthroughs, and GRC tooling wherever the underlying control achieves both objectives; isolate and govern the statutory-only delta.
Maintain the MAR scoping rationale for statutory-specific accounts and assertions, including loss and LAE reserves on a statutory basis, premium deficiency, reinsurance recoverable and Schedule F provisioning, investment valuation under SAP, surplus, and the RBC inputs that flow from controlled processes.
Prepare Management's Report of Internal Control over Financial Reporting and supporting documentation for inclusion in the statutory audit package filed with the domestic Department of Insurance.
Monitor NAIC and state DOI guidance for changes to MAR thresholds, scope, and reporting expectations, and adjust the program accordingly.
6. Deficiency Management and Remediation Oversight
Partner with Internal Audit for deficiency intake and evaluation process: aggregation, severity assessment (deficiency, significant deficiency, material weakness), and disposition tracking.
Partner with control owners to develop outcome-based remediation plans, monitor milestones, and confirm management readiness for retest by Internal Audit.
Maintain the deficiency log of record and ensure timely communication to the Controller, CFO, and Audit.
7. External Auditor and Parent Company Coordination
Serve as management's primary management point of contact for the External Auditor on SOX matters: walkthroughs, control selections, PBC requests, deficiency discussions, and reliance decisions.
Facilitate reliance discussions between External Audit and Internal Audit when applicable.
8. Certification, Reporting, and Governance
Operate the quarterly and annual sub-certification process supporting CEO/CFO 302 and 404 certifications.
Prepare materials for the Controller, CFO, and Head of Internal Audit, including program status, scope changes, deficiency trends, and remediation health.
Maintain SOX program documentation in the GRC platform (AuditBoard) as the system of record, with clean lineage from risk to assertion to control to owner to evidence.
9. Team Leadership and Talent Development
Lead, coach, and develop a high-performing SOX PMO team across business and IT ICFR domains.
Build technical depth and continuous education on PCAOB, SEC, and emerging technology controls.
Foster a culture of candor, ownership, and continuous improvement aligned with the Controller's values.
QUALIFICATIONS
Required
10-12+ years of progressive experience in ICFR, SOX program management, public accounting, or financial controls leadership, including time in a Big Four or large national public accounting firm.
Bachelor's degree in Accounting, Finance, Information Systems, or related discipline.
Active CPA in good standing.
Demonstrated ownership of an end-to-end SOX program for a SEC registrant or a subsidiary of a SEC registrant, including 302/404 certification cycles.
Deep working knowledge of COSO 2013 Internal Control — Integrated Framework, PCAOB AS 2201, and SEC interpretive guidance on ICFR.
Working knowledge of the NAIC Model Audit Rule (Model #205), including Management's Report of Internal Control over Financial Reporting for statutory filings, and the practical integration of MAR with a SOX program.
Working knowledge of ITGC frameworks and IT-dependent controls, with the ability to partner with IT control specialists.
Track record of partnering effectively with External Auditors and managing audit issues to resolution.
Strongly Preferred
Property & Casualty insurance industry experience, including familiarity with statutory accounting, loss reserves, premium recognition, reinsurance, and investment accounting.
Hands-on experience with AuditBoard (SOXHUB) or comparable GRC platforms (Workiva, AuditBoard, Archer, ServiceNow GRC).
Additional certifications: CIA, CISA, CISM, or CFE.
Experience driving control rationalization, automation of controls, and use of AI/analytics to scale SOX execution.
Familiarity with NAIC, NYDFS, and state DOI expectations as they relate to internal controls and corporate governance disclosures (e.g., CGAD).
Annual Salary
$146,575.00 - $229,600.00
The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate's work experience, education and training, the work location as well as market and business considerations.
At this time, GEICO will not sponsor a new applicant for employment authorization for this position.
The GEICO Pledge:
Great Company: Protecting customers through life's twists and turns with innovation and integrity.
Great Careers: Personalized development programs, mentorship, and certification assistance.
Great Culture: Inclusive and collaborative culture rooted in shared success.
Great Rewards: Competitive pay, benefits, and flexibility to support your well-being and future.
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled. GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.