Senior Analyst - Internal Audit & Risk

Spotify•Stockholm, NY

4d•$92,171 - $131,673•Hybrid

About The Position

Spotify’s Internal Audit & Risk (IAR) team is seeking a Senior Analyst with a technological or engineering or product management background to help implement our audit strategy across the product lifecycle within our agile, international environment. In this role, you will primarily support the company’s annual SOX compliance program while contributing to assurance and advisory projects across technology and product areas, including information security, machine learning, and infrastructure management. The ideal candidate has a background in professional services and/or internal audit and possesses experience with audit techniques. You should have experience testing automated controls and IT General Controls (ITGCs) within SOX programs, microservices architecture, and CI/CD practices, alongside solid project management skills and meticulous attention to detail.

Requirements

Experienced Professional : At least 3 years of experience in an engineering, product management or related technical field; experience in technical audit or IT risk management is a merit.
Technical Expert : You are proficient in SQL and Python, with a strong interest in employing emerging technologies (such as AI/ML, GenAI, and RPA) to drive efficiency. You also have a solid understanding of modern software development lifecycles (SDLC) and cloud infrastructure.
Analytical Attitude: You possess strong problem-solving skills, demonstrating critical and logical thinking to reach solutions in complex technical environments.
Strong Communicator : You can clearly present complex technical concepts and audit findings to partners at all levels of the organization.
Educated & Certified : You hold a Bachelor’s degree in Computer Science, Business Administration, Product Management, Management Information Systems (MIS), Engineering, or a related field.

Nice To Haves

Professional certifications (e.g., CISA, CISSP, CPA, CIA) or specialized technical training in Product Management and Agile methodologies are a merit.

Responsibilities

Advance Audit Procedures: Design and implement technical audit procedures using scripting (e.g., Python, SQL) and data analytics to drive continuous testing and automation.
Support SOX Compliance: Lead the testing of technology components within the SOX framework, including planning, implementing walkthroughs, reporting, and driving continuous improvements such as control rationalization.
Collaborate with Partners: Coordinate with co-sourced providers, external auditors, and internal process owners to ensure the timely and effective execution of the SOX testing program.
Implement Advisory Projects: Participate in complex assurance and advisory projects, covering risk assessment, testing, and reporting across various technical domains.
Deep Product Knowledge: Develop a deep understanding of the businesses you are auditing, including their strategy, product lifecycle, and associated business processes.
Consultative Guidance: Provide guidance and support to internal partners as they address control deficiencies or make significant process changes, such as the implementation of new systems or product features.