Internal Auditor II (Technology)

About The Position

Requirements

• Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, Engineering, Business, Accounting, or a related field
• Minimum 2+ years of experience in IT audit, technology risk, cybersecurity, or related disciplines within a public accounting firm, public company, or technology‑focused organization
• Experience supporting audits or assessments of modern technology environments, including IT general controls, cybersecurity controls, cloud platforms, or SaaS operations
• Strong foundational understanding of internal control concepts and their application to technology and business processes
• Familiarity with industry frameworks such as NIST, ISO 27001, COBIT, SOC 2, and COSO
• Analytical mindset with the ability to ask insightful questions, challenge assumptions, and evaluate risk implications
• Demonstrated curiosity and willingness to continuously learn new technologies, platforms, and threat vectors
• Ability to connect technical risks to broader business, operational, and customer impact
• Strong documentation skills, with the ability to clearly articulate work performed and communicate complex topics effectively
• Ability to manage multiple priorities and deadlines in a dynamic, fast‑paced environment
• High level of integrity, professionalism, and sound judgment
• Comfort operating in environments where risks are evolving and controls may still be maturing

Nice To Haves

• Professional certifications preferred: CISA, CISSP
• Other relevant certifications considered: CIA, CPA, CISM, CCSP, CRISC
• Exposure to cloud environments such as AWS, Azure, or GCP
• Familiarity with secure software development practices, DevOps, or DevSecOps pipelines
• Prior experience auditing or assessing cybersecurity programs or security operations

Responsibilities

• Execute technology, cybersecurity, and digital risk audit engagements as part of a risk-based internal audit plan
• Perform audit fieldwork aligned to defined objectives while applying professional skepticism and curiosity to identify risks beyond standard audit procedures
• Assess the design and operating effectiveness of controls across technology domains including cloud infrastructure, identity and access management, network security, application security, logging and monitoring, vulnerability management, and incident response
• Go beyond “check‑the‑box” testing to understand how systems actually operate, where controls may fail, and how risk could evolve as the business and technology landscape change
• Conduct stakeholder interviews and walkthroughs to understand system architecture, processes, and risk trade‑offs
• Identify, document, and analyze audit observations, including root causes and potential business or customer impact
• Prepare clear, concise, and well‑supported workpapers in accordance with Internal Audit standards and methodologies
• Contribute to audit reporting by summarizing findings, insights, and risk themes in a way that is meaningful to both technical and non‑technical stakeholders
• Partner with technology, security, and business stakeholders to validate observations and support effective remediation
• Track audit issues and support follow‑up activities to promote timely and sustainable risk mitigation
• Support Internal Audit activities beyond core audits, including risk assessment, audit planning, advisory engagements, and continuous improvement initiatives
• Stay current on emerging technology and cybersecurity risks, threat trends, and evolving industry practices
• Contribute to the ongoing modernization of the Internal Audit function through adoption of improved tools, methodologies, and ways of working

Benefits

• Incentive compensation
• Bonus
• Restricted stock units
• Benefits