IT Audit Manager

About The Position

Requirements

• 12 plus years of experience in IT audit, IT compliance, information security, or a related risk/control-focused role, preferably in a cloud-first or SaaS environment
• Hands-on experience performing or supporting audits aligned to frameworks such as SOC 2 Type II and ISO/IEC 27001, with exposure to NIST CSF or similar security standards strongly preferred
• Experienced in managing small teams, delegating tasks, providing feedback, and tracking projects and responsibilities across the team
• Additional experience interfacing with customers on annual assessments and providing information in line with company policies
• One or more relevant certifications such as CISA, ISO 27001 Internal or Lead Auditor, CRISC, CISM, or CISSP (or a strong commitment to obtain relevant certifications within a defined timeframe)
• Solid understanding of IT general controls (ITGCs), application controls, and foundational information security principles (identity and access management, change management, backup and recovery, logging and monitoring, configuration management, etc.)
• Familiarity with cloud and SaaS architectures and their impact on control design and testing (e.g., use of AWS, Azure, or similar environments; shared responsibility models)
• Demonstrated ability to plan and execute multiple audits or workstreams in parallel, manage deadlines, and reprioritize in response to changing risk or business needs
• Strong organization skills and attention to detail, especially in managing large volumes of evidence and documentation
• Proven ability to analyze complex technical environments, identify control deficiencies and process inefficiencies, and recommend practical, risk-based improvements
• Excellent written and verbal communication skills; able to explain audit concepts and results in clear, business-relevant terms for both technical and non-technical audiences
• Comfortable facilitating meetings, walkthroughs, and readouts with stakeholders ranging from individual contributors to senior leaders
• Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, Accounting/Information Systems, or a related field, or equivalent practical experience

Nice To Haves

• Experience using GRC or audit management tools to track controls, evidence, testing, and remediation tasks (e.g., Archer, ServiceNow GRC, OneTrust, or similar) is a plus

Responsibilities

• Execute IT and security internal audits across applications, infrastructure, and processes, including planning scope and objectives, performing walkthroughs, testing controls, documenting workpapers, and drafting findings and recommendations
• Support the internal audit plan by performing risk-based testing of IT general controls, security controls, and key technology processes, aligned to frameworks such as SOC 2 Trust Services Criteria, ISO 27001, NIST CSF, and related requirements
• Coordinate external audits and assessments (e.g., SOC 2 Type II, ISO 27001 certification/surveillance audits, NIST CSF assessments, IRAP), including scheduling activities, gathering and validating evidence, supporting control owner interviews, and tracking requests to closure
• Manage and coordinate customer assessments, including responding to questionnaires, providing information as required, and attending customer calls
• Lead a team of Technology Audit Analysts to perform related audit activities and maintenance. Delegate responsibilities and assignments to Analysts as needed
• Maintain and enhance the IT control library, ensuring controls are mapped to relevant standards and kept current as systems, processes, and regulatory expectations evolve
• Manage audit evidence and documentation, ensuring completeness, accuracy, and consistency across systems and repositories; help keep the organization audit-ready at all times
• Document audit observations and issues in a clear, risk-focused way, working with control owners to define action plans, target dates, and realistic remediation steps, and follow up through closure
• Partner with cross-functional teams (IT, Security, Engineering, Legal, Enterprise Risk Management, and business stakeholders) to understand processes, identify control gaps, and recommend balanced improvements that support both security and business objectives
• Contribute to policy, standards, and process improvements by translating audit results and industry best practices into practical updates to procedures, runbooks, and guidelines
• Prepare clear, concise audit communications, including planning materials, status updates, and final reports or presentations summarizing scope, approach, results, and agreed actions for stakeholders at various levels
• Stay current on emerging risks and frameworks, monitoring changes to standards, regulations, and audit methodologies, and incorporating those into our audit programs and control expectations as appropriate
• Promote a culture of security, compliance, and accountability by educating stakeholders on audit requirements, control expectations, and lessons learned from completed audits

Benefits

• Comprehensive health coverage, generous PTO, and flexible work options
• Learning opportunities, career-mobility programs, and leadership workshops
• Sixteen paid volunteer hours each year, global employee resource groups, and a “No Jerks” policy that keeps collaboration healthy
• Modern offices with EV charging, healthy snacks (and the occasional cupcake), plus hackathons, game nights, and culture celebrations
• Charitable Giving Program supported by Company Match
• We practice pay transparency and reward performance. Offers reflect role location, internal equity, experience, skills, education, and certifications.