Lead and manage SOC 1 and SOC 2 examinations under AICPA standards in a complex, rapidly evolving technology environment, partnering with external auditors and internal teams to design, implement, and continuously improve IT control processes
Support end-to-end SOX planning and execution, including IT system scoping, audit readiness, and development and delivery of training for control owners operating in a high-growth, regulated business
Act as a trusted advisor to Security, IT, Infrastructure, Engineering, Data, and Finance teams, translating SOX and audit requirements into practical, scalable controls aligned with modern technology stacks
Lead security and IT control gap assessments, evaluate control design and operating effectiveness, and drive remediation efforts through to completion in partnership with control owners
Facilitate the ongoing maturation of IT general controls (ITGCs) and IT application controls (ITACs), balancing regulatory expectations with the pace of product and platform innovation
Oversee the quality and execution of audit initiatives, applying strong professional judgment to identify control gaps, assess risk, and guide teams through complex audit and compliance matters
Perform impact assessments for SOX control deficiencies and design risk-based, pragmatic remediation plans that stand up to auditor scrutiny without slowing the business
Implement and enhance controls monitoring and defense-in-depth across key IT risk areas to improve audit outcomes and strengthen the overall control environment
Partner cross-functionally to identify systemic program challenges, recommend process improvements, and drive durable solutions in a scaling organization
Develop and maintain clear, auditor-ready documentation, including data flow diagrams and process flowcharts for high-risk security and financial processes
Work closely with internal and external auditors, helping them navigate a sophisticated IT control environment and ensuring efficient, high-quality audits
Support audit evidence collection and continuous improvement initiatives, including leveraging automation to improve efficiency, consistency, and scalability

Requirements

5+ years of experience in external IT audit and/or technology risk assurance or advisory, with demonstrated ownership of complex audit requirements
Strong hands-on experience with Internal Controls over Financial Reporting (ICFR), including SOX 404 frameworks, control design, and operating effectiveness testing
Prior experience at a Big 4 or other large public accounting firm, or equivalent experience working with external auditors in a highly regulated environment
Proven ability to lead compliance and audit initiatives end to end, from planning and risk assessment through remediation and audit close
Experience auditing or assessing hybrid and cloud-based environments (e.g., IaaS, PaaS, SaaS), including access management, change management, and logging/monitoring controls
Ability to operate autonomously in ambiguous, fast-paced environments, driving outcomes across cross-functional teams with minimal supervision
Strong organizational and time management skills, with a high degree of self motivation and effectiveness in a remote or distributed working environment

Benefits

Offers Equity
Offers Bonus
Wellness allowance
Other benefits [US Only] (including medical, dental, vision and 401(k))

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SOC 1 examinationsSOC 2 examinationsSOX planningIT system scopingIT general controls (ITGCs)IT application controls (ITACs)Internal Controls over Financial Reporting (ICFR)SOX 404 frameworkscontrol designoperating effectiveness testing

Soft Skills

leadershiporganizational skillstime managementself-motivationcommunicationproblem-solvingcollaborationadaptabilityjudgmentautonomy