Senior Auditor - Technology Risk & SOX

Bachelor's Degree in a business or technology discipline. 5+ years of experience in SOX compliance, IT risk management, or technology audit roles, with a focus on technology risks and cloud-based environments. Proficiency in SOX, IT general controls (ITGCs), IT application controls (ITACs), and internal control frameworks such as COSO, COBIT, and NIST. Deep technical knowledge across IT areas including software development, IT infrastructure, cloud technology, network operations, and cybersecurity. Technical knowledge in auditing applications and infrastructure systems. Experience in public companies and understanding of SEC and PCAOB requirements. Entrepreneurial attitude and experience with, or the ability to adapt to, a rapidly growing start-up with associated complexities and ambiguities. Proven ability to assess and mitigate risks within cloud platforms (AWS) and internally developed IT environments. Solid understanding of modern technology stacks, IT processes, and the software development lifecycle (SDLC). Strong communication skills, able to explain complex technology risks to both technical and non-technical stakeholders. Experience leading SOX projects, managing teams, and coordinating with external auditors. Critical thinking and problem-solving skills with the ability to assess IT processes and solve complex problems. Excellent interpersonal and organizational skills, with the ability to manage multiple projects and meet deadlines in a fast-paced environment. Ability to provide meaningful recommendations to improve policies, procedures, systems, processes; as well as to address root causes of control deficiencies. Prior experience working with IPE (Information Provided by Entity) and testing the completeness and accuracy of key reports and spreadsheets. Prior experience assisting control owners in completing SOC (Service Organization Control) Report reviews for SOC1, including controls mapping and mapping of Complementary End User Computing Controls. Experience coordinating SOC audits with external auditors and stakeholders. Excellent written English communication skills: clear, concise, professional. Proven track record working remotely with a dispersed workforce.

Assist in SOX compliance for IT and Technology, including planning, scoping, testing, and reporting on key controls. Partner with the business process SOX lead on changes to the annual materiality and SOX risk assessment. Conduct risk assessments for technology systems. Identify, assess, and mitigate technology risks, particularly in cloud infrastructure, system integrations, and software development processes. Assist with implementation of Sarbanes-Oxley IT policies, procedures, and work standards. Build strong relationships with key stakeholders. Collaborate with IT control owners, Information Security, Infrastructure Engineering, and other stakeholders. Update and document initial process narratives and flowcharts. Update ITGC risk and control matrix (RACM) for year 1 SOX compliance. Partner with business process SOX lead on control optimization and automation initiatives. Assist with training on IT SOX requirements with stakeholders. Assist with planning, coordination, and execution of all ITGC test phases of SOX compliance workstreams. Execute on independent ITGC test of design (ToD) and test of operating effectiveness (ToE) results. Assist with project management of SOX 404 ITGC compliance program, SOC 2 Type 2 audits, annual IA audit plan and Enterprise Risk Assessment. Communicate SOX findings and recommendations to senior leadership and control owners. Stay informed about industry best practices for IT and technology risk management. Monitor emerging regulations and industry standards affecting IT controls. Contribute to the continuous improvement of SOX and risk processes. Support internal and external audits by providing insights into IT-related SOX risks and assisting with remediation efforts. Conduct operational and IT internal audit projects in accordance with the Institute of Internal Auditors (IIA) professional practice standards. Contribute to ongoing development of the ERM, Fraud Risk Management programs. Maintain knowledge of generally accepted auditing and accounting standards. Participate in special projects as assigned by Director, Internal Audit & Controls.