Senior Manager, IT Audit & SOX Compliance

<p>We are seeking an <strong>IT Audit Senior Manager</strong> to lead our IT Internal Audit and IT SOX compliance work.This individual will have extensive experience working cross-functionally with IT, Engineering, and Security teams, managing internal and external audit requests, and performing deep technical risk assessments to ensure the integrity of our systems. The ideal candidate is a proactive leader with a Big 4 background and a commitment to process improvement and automation. This role is ideal for someone who excels at auditing complex cloud environments, challenging the status quo, and building scalable control frameworks in a high-growth public tech company.</p> <p>This role reports to our Head of Internal Controls and is required to follow our hybrid, 4 day a week work model out of our San Francisco office. </p> <p><strong>What You’ll Do:</strong></p> <ul> <li><strong>Lead IT SOX Compliance:</strong> Drive the end-to-end IT SOX program, including risk assessment, scoping, and the evaluation of IT General Controls (ITGCs) and IT Application Controls (ITACs) across the company’s tech stack.</li> <li><strong>Strategic Risk Advisory:</strong> Partner with IT and Engineering teams to provide proactive guidance on control design for new system implementations, cloud migrations, and product launches.</li> <li><strong>External Audit Management:</strong> Act as the primary point of contact for external auditors, ensuring seamless coordination of testing and timely remediation of identified deficiencies.</li> <li><strong>Audit Execution:</strong> Plan and execute technical audits focused on high-risk areas including Cloud Security (AWS/GCP), Identity Access Management (IAM), SDLC, and Data Privacy.</li> <li><strong>Process Automation:</strong> Drive efficiencies by leveraging data analytics and automation tools to transition from traditional point-in-time testing to continuous monitoring.</li> <li><strong>Remediation Oversight:</strong> Collaborate with process owners to develop robust remediation plans for control gaps, ensuring root causes are addressed and validated.</li> <li><strong>Executive Reporting:</strong> Prepare high-quality audit reports and presentations for senior leadership and the Audit Committee, translating technical risks into business impact.</li> <li><strong>Team Leadership:</strong> Manage co-sourced providers, fostering a culture of technical excellence and professional growth.</li> </ul> <p><strong>What We’re Looking For:</strong></p> <ul> <li><strong>Education:</strong> Bachelor’s degree in Management Information Systems (MIS), Computer Science, Accounting, or Finance.</li> <li><strong>Certifications:</strong> <strong>CISA</strong> (Certified Information Systems Auditor) or <strong>CIA </strong>(Certified Internal Auditor) is required. CISSP is a significant plus.</li> <li><strong>Experience:</strong> 8+ years of experience in IT Audit or IT Risk Management, with at least 3 years in a management role.</li> <li><strong>Big 4 Background:</strong> Experience at a <strong>Big 4 accounting firm</strong> in their IT Risk/Advisory practice is required.</li> <li><strong>Industry Knowledge:</strong> Proven experience operating within a <strong>public company</strong> in the <strong>Tech industry</strong>, with a deep understanding of cloud-native environments.</li> <li><strong>Technical Expertise Requirements:</strong> <ul> <li>Strong understanding of COSO, COBIT, and NIST frameworks, and the ability to audit complex SDLC/Agile processes.</li> <li><strong>Cloud Infrastructure:</strong> Hands-on experience auditin<strong>g AWS or Azure </strong>environments.</li> <li><strong>Systems:</strong> Experience with NetSuite (or similar ERP), Salesforce, and Workday.</li> <li><strong>Analytics Automation:</strong> Proficiency with data analytics and GRC tools (e.g., ThoughtSpot, Alteryx, Tableau, AuditBoard, or Workiva).</li> <li><strong>Software Lifecycle:</strong> Deep familiarity with modern CI/CD pipelines and ... (truncated, view full listing at source)