Senior Manager, IT Audit & SOX Compliance

We are seeking an IT Audit Senior Manager to lead our IT Internal Audit and IT SOX compliance work.This individual will have extensive experience working cross-functionally with IT, Engineering, and Security teams, managing internal and external audit requests, and performing deep technical risk assessments to ensure the integrity of our systems. The ideal candidate is a proactive leader with a Big 4 background and a commitment to process improvement and automation. This role is ideal for someone who excels at auditing complex cloud environments, challenging the status quo, and building scalable control frameworks in a high-growth public tech company.

This role reports to our Head of Internal Controls and is required to follow our hybrid, 4 day a week work model out of our San Francisco office. 

What You’ll Do:

• Lead IT SOX Compliance: Drive the end-to-end IT SOX program, including risk assessment, scoping, and the evaluation of IT General Controls (ITGCs) and IT Application Controls (ITACs) across the company’s tech stack.
• Strategic Risk Advisory: Partner with IT and Engineering teams to provide proactive guidance on control design for new system implementations, cloud migrations, and product launches.
• External Audit Management: Act as the primary point of contact for external auditors, ensuring seamless coordination of testing and timely remediation of identified deficiencies.
• Audit Execution: Plan and execute technical audits focused on high-risk areas including Cloud Security (AWS/GCP), Identity & Access Management (IAM), SDLC, and Data Privacy.
• Process Automation: Drive efficiencies by leveraging data analytics and automation tools to transition from traditional point-in-time testing to continuous monitoring.
• Remediation Oversight: Collaborate with process owners to develop robust remediation plans for control gaps, ensuring root causes are addressed and validated.
• Executive Reporting: Prepare high-quality audit reports and presentations for senior leadership and the Audit Committee, translating technical risks into business impact.
• Team Leadership: Manage co-sourced providers, fostering a culture of technical excellence and professional growth.

What We’re Looking For:

• Education: Bachelor’s degree in Management Information Systems (MIS), Computer Science, Accounting, or Finance.
• Certifications: CISA (Certified Information Systems Auditor) or CIA (Certified Internal Auditor) is required. CISSP is a significant plus.
• Experience: 8+ years of experience in IT Audit or IT Risk Management, with at least 3 years in a management role.
• Big 4 Background: Experience at a Big 4 accounting firm in their IT Risk/Advisory practice is required.
• Industry Knowledge: Proven experience operating within a public company in the Tech industry, with a deep understanding of cloud-native environments.
• Technical Expertise Requirements:
  • Strong understanding of COSO, COBIT, and NIST frameworks, and the ability to audit complex SDLC/Agile processes.
  • Cloud Infrastructure: Hands-on experience auditing AWS or Azure environments.
  • Systems: Experience with NetSuite (or similar ERP), Salesforce, and Workday.
  • Analytics & Automation: Proficiency with data analytics and GRC tools (e.g., ThoughtSpot, Alteryx, Tableau, AuditBoard, or Workiva).
  • Software Lifecycle: Deep familiarity with modern CI/CD pipelines and automated deployment controls.
  • Communication: Proven ability to communicate technical audit findings to non-technical stakeholders clearly and effectively.