- Execute SOX IT and information systems testing program, including conducting walkthroughs, analyzing audit evidence, executing controls testing, identifying and defining issues, and documenting business processes and procedures.
- Support the creation of status reports and planning materials assist with overall and collaborate closely with internal and external stakeholders for the IT Program. Perform the end-to-end planning, execution, and reporting with the IT Internal Audit Manager of risk-based IT audit engagements across domains such as:
- Information Security Program
- Network & System Security
- Business Continuity and Disaster Recovery (BC/DR)
- Change Management and Software Development Lifecycle (SDLC)
- Third-Party Risk Management (TPRM)
- Identity & Access Management (I&AM)
- IT Operations and Asset Management
- Privacy and Data Protection
- Cloud and Outsourced Services
- Evaluate IT risks, control maturity, and alignment with regulatory expectations.
- Provide risk advisory and control consultation to IT and business leadership on strategic technology initiatives, regulatory obligations, and emerging threats.
- Collaborate closely with cross-functional stakeholders, including Accounting, Information Security, Compliance, Legal, and Engineering teams, to understand business processes and evaluate control effectiveness.
- Develop and deliver clear, concise, risk-focused audit reports dealing with complex and sensitive issues, including findings, root cause analysis, and actionable, in a timely manner for internal and external audiences..
- Complete assigned responsibilities following audit standards.
- Partner with internal and external audit teams to ensure a timely and efficient testing approach and issue resolution.
- Monitor and validate the implementation of management action plans and ensure sustainable remediation of control issues.
- Support new system implementations and ensure compliance with existing policies
- Conduct risk assessments, including the identification of controls and testing attributes.
- Contribute to the development and evolution of the IT audit program, including risk assessment methodology, audit universe updates, and use of data analytics.
- Act as a key liaison to internal and external auditors, examiners, and other assurance functions to ensure coordinated risk coverage and alignment.
- Take initiative and suggest alternatives for process improvements.
- Duties may change and Team Members may be required to perform other duties as assigned.
Minimum Experience and Knowledge:
- Bachelor s degree in Information Technology, Accounting, Finance, or a related field
- Five or more years of experience in IT audit, internal audit, cybersecurity, financial services, or a related business function
- Thorough understanding of internal controls, IT risk, and regulatory requirements including SOX, FFIEC, and financial compliance frameworks
- Strong knowledge of internal audit methodologies, including experience leading audit projects in accordance with the Institute of Internal Auditors (IIA) Global Standards
- Demonstrated ability to independently plan, execute, and manage complex audit engagements with minimal supervision
- Proven ability to communicate complex concepts clearly across both technical and non-technical stakeholders
- Experience operating as a subject matter expert in key areas such as IT General Controls (ITGCs), IT Application Controls, agile software development practices, NIST frameworks, and/or GAAP
- Strong project management skills with the ability to manage multiple priorities simultaneously while maintaining attention to detail and accuracy
- Advanced proficiency in Microsoft Excel, Word, Outlook, and data analysis tools used for issue identification and trend monitoring
- Highly self-motivated, results-driven, and committed to delivering high-quality work in a dynamic environment
- Excellent time management and organizational skills, with the ability to support multiple projects, work both independently and collaboratively within the team and effectively prioritize and manage a large volume of work
- Superior interpersonal, written, and verbal communication skills, with the ability to create thorough documentation and interface effectively with individuals at various levels
- Ability to remain organized, pay strict attention to detail, and meet critical deadlines within a high volume, fast-paced environment
- Analytical with strong problem-solving abilities and creative resolution skills
- Demonstrated discretion and trustworthiness when working with confidential financial, operational, or employee data
- Holds an active CIA, CISA, or CPA designation or evidenced plans to pursue.
Preferred Experience and Knowledge
- Overall 5+ years of experience with at least 3 years of direct experience in IT Audit for a SaaS company or equivalent IT audit experience at a top-tier firm (Big 4, RSM, Protiviti, etc.)
- 2+ years of experience leading end-to-end engagements and/or leadership experience within the information technology or security fields
- Demonstrated knowledge of internal controls, business risks and audit techniques in a large SaaS organization
- Demonstrated knowledge of SOC1 and SOC2 requirements
- Knowledge of data analytics tools such as ACL, Power BI, or Tableau
- Experience with AuditBoard or other audit engagement support tools
- Maintains other designations including Certified Management Accountant (CMA), Certified Fraud Examiner (CFE), Certified Information Security Systems Professional (CISSP), Certified Financial Services Auditor (CFSA), or other relevant business designation.
