We are seeking an IT Audit Senior Manager to lead our IT Internal Audit and IT SOX compliance work.This individual will have extensive experience working cross-functionally with IT, Engineering, and Security teams, managing internal and external audit requests, and performing deep technical risk assessments to ensure the integrity of our systems. The ideal candidate is a proactive leader with a Big 4 background and a commitment to process improvement and automation. This role is ideal for someone who excels at auditing complex cloud environments, challenging the status quo, and building scalable control frameworks in a high-growth public tech company.
This role reports to our Head of Internal Controls and is required to follow our hybrid, 4 day a week work model out of our San Francisco office.
What You’ll Do:
- Lead IT SOX Compliance: Drive the end-to-end IT SOX program, including risk assessment, scoping, and the evaluation of IT General Controls (ITGCs) and IT Application Controls (ITACs) across the company’s tech stack.
- Strategic Risk Advisory: Partner with IT and Engineering teams to provide proactive guidance on control design for new system implementations, cloud migrations, and product launches.
- External Audit Management: Act as the primary point of contact for external auditors, ensuring seamless coordination of testing and timely remediation of identified deficiencies.
- Audit Execution: Plan and execute technical audits focused on high-risk areas including Cloud Security (AWS/GCP), Identity & Access Management (IAM), SDLC, and Data Privacy.
- Process Automation: Drive efficiencies by leveraging data analytics and automation tools to transition from traditional point-in-time testing to continuous monitoring.
- Remediation Oversight: Collaborate with process owners to develop robust remediation plans for control gaps, ensuring root causes are addressed and validated.
- Executive Reporting: Prepare high-quality audit reports and presentations for senior leadership and the Audit Committee, translating technical risks into business impact.
- Team Leadership: Manage co-sourced providers, fostering a culture of technical excellence and professional growth.
What We’re Looking For:
- Education: Bachelor’s degree in Management Information Systems (MIS), Computer Science, Accounting, or Finance.
- Certifications: CISA (Certified Information Systems Auditor) or CIA (Certified Internal Auditor) is required. CISSP is a significant plus.
- Experience: 8+ years of experience in IT Audit or IT Risk Management, with at least 3 years in a management role.
- Big 4 Background: Experience at a Big 4 accounting firm in their IT Risk/Advisory practice is required.
- Industry Knowledge: Proven experience operating within a public company in the Tech industry, with a deep understanding of cloud-native environments.
- Technical Expertise Requirements:
- Strong understanding of COSO, COBIT, and NIST frameworks, and the ability to audit complex SDLC/Agile processes.
- Cloud Infrastructure: Hands-on experience auditing AWS or Azure environments.
- Systems: Experience with NetSuite (or similar ERP), Salesforce, and Workday.
- Analytics & Automation: Proficiency with data analytics and GRC tools (e.g., ThoughtSpot, Alteryx, Tableau, AuditBoard, or Workiva).
- Software Lifecycle: Deep familiarity with modern CI/CD pipelines and automated deployment controls.
- Communication: Proven ability to communicate technical audit findings to non-technical stakeholders clearly and effectively.