IT Audit Manager

Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us! This is a unique opportunity to contribute to a high-quality SOX program while helping create something from the ground up: an IT risk management function and operational audit capability at one of the most recognized design companies in the world. The Manager of IT Internal Audit (Risk Ops) will support Figma's IT SOX compliance program and, in partnership with the Head of Internal Audit, develop the IT risk management and risk-based operational audit workstreams. The right candidate brings compliance rigor and the intellectual curiosity to work in greenfield territory, where the playbook does not yet exist. This is a full time role that can be held from one of our US hubs or remotely in the United States. What you’ll do at Figma: Execute the IT SOX compliance program: ITGC and ITAC testing, deficiency management, remediation tracking, and SOX documentation. Coordinate with external auditors and co-sourced resources throughout the audit cycle. Provide technical support in the assessment, design, and implementation of IT General Controls and IT Application Controls in collaboration with GRC and IT management. Participate in system upgrades and implementations to ensure controls over financial reporting are adequately identified and addressed. Lead IT risk conversations with management and contribute to the IT risk register. Support the buildout of Figma's IT risk management program, including risk identification methodology, assessment frameworks, and leadership reporting. Contribute to risk updates for the Audit Committee and senior leadership as it relates to the IT risk landscape, including emerging technology risks such as cloud, SaaS, and AI. Develop a risk-based operational audit plan and implement audits across IT and business process areas, including where no prior year workpapers exist. Issue findings with risk ratings and actionable recommendations; track remediation to closure. Build audit programs from scratch, prepare clear and concise audit reports, and present findings and recommendations to senior leaders and cross-functional partners. We'd love to hear from you if you have: 6+ years in IT audit, IT risk management, or a combination thereof IT SOX compliance experience with hands-on ownership of ITGCs, ITACs, and Segregation of Duties Experience performing operational or integrated audits, including in environments without established playbooks Knowledge of PCAOB/SEC requirements and audit frameworks, including CISA, CIA, or CISM certifications Ability to collaborate across Internal Audit and cross-functional teams (GRC, IT, Finance, Legal, Business Systems) While not required, it’s an added plus if you also have: Experience supporting the development of a risk management program SaaS or fast-paced tech company experience Familiarity with GRC tools (AuditBoard, Workiva, ServiceNow GRC, or similar) Experience with data analytics tools (ACL, IDEA, or similar) for audit processes Cloud security knowledge and audit experience At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles. Pay Transparency Disclosure If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range state ... (truncated, view full listing at source)