Posted:
4/15/2026, 2:39:14 AM
Location(s):
Westlake, Texas, United States ⋅ Texas, United States
Experience Level(s):
Senior
Field(s):
IT & Security
Job Summary
· Responsible for leading IT internal audits and evaluating the design and operating effectiveness of IT general controls (ITGCs), automated controls, and system-dependent processes across financial, operational, and compliance environments.
· Acts as a key partner to IT, Information Security, Engineering, and business stakeholders to ensure technology controls are well-designed, secure, and aligned with company and regulatory requirements.
· Provides oversight and guidance on IT risk management, cybersecurity, and system control environments to support audit readiness and continuous improvement.
Principal Duties and Responsibilities
· Leads and performs IT risk assessments, control testing, and remediation activities for SOX ITGCs, automated controls, and system-integrated business processes.
· Evaluates the design and effectiveness of controls over access management, change management, system operations, and data integrity across key platforms and applications.
· Supports SOC 1 / SOC 2 reviews, third-party risk assessments, and complementary user entity control (CUEC) evaluations.
· Prepares and maintains detailed audit workpapers, system documentation, and testing evidence to support audit conclusions.
· Partners with IT and business teams to identify control gaps, recommend practical remediation strategies, and monitor timely resolution of deficiencies.
· Supports system implementations, upgrades, and transformations (e.g., ERP, policy admin, data platforms) by advising on control design and risk mitigation.
· Leverages data analytics and audit tools to enhance testing efficiency, coverage, and insight generation.
· Communicates IT control issues, cybersecurity risks, and recommendations clearly to management and stakeholders at all levels.
Experience and Education
· Bachelor’s degree in Information Systems, Accounting, Finance, Computer Science, or related field.
· 4+ years of experience in IT audit, IT risk, information security, or internal controls.
· Professional certifications preferred: CISA, CISSP, CIA, or CPA.
· Prior public accounting (Big 4) or IT advisory experience preferred.
Required Skills and Abilities
· Strong understanding of ITGCs, SOX compliance, COSO, COBIT, and information security frameworks (e.g., NIST, ISO 27001).
· Experience auditing cloud environments (e.g., AWS, Azure), SaaS platforms, and modern system architectures.
· Knowledge of access controls, identity and access management (IAM), change management processes, and SDLC controls.
· Understanding of data governance, data integrity, and system interface controls.
· Strong analytical and problem-solving skills with the ability to evaluate complex IT environments.
· Strong written and verbal communication skills, with the ability to translate technical risks into business impact.
· Detail-oriented with strong documentation and organizational skills.
· Ability to build effective partnerships across IT, Security, Finance, Compliance, and Operations.
· Experience with audit analytics and tools (e.g., SQL, Python, PowerBI, Snowflake) preferred.
· Occasional travel required (generally a few days per quarter).
Website: https://www.goosehead.com/
Headquarter Location: Grapevine, Texas, United States
Employee Count: 1001-5000
Year Founded: 2003
IPO Status: Private
Industries: Auto Insurance ⋅ Commercial Insurance ⋅ Insurance