Senior Manager, IT Audit & SOX Compliance

Navan•San Francisco, CA

4h•Hybrid

About The Position

We are seeking an IT Audit Senior Manager to lead our IT Internal Audit and IT SOX compliance work.This individual will have extensive experience working cross-functionally with IT, Engineering, and Security teams, managing internal and external audit requests, and performing deep technical risk assessments to ensure the integrity of our systems. The ideal candidate is a proactive leader with a Big 4 background and a commitment to process improvement and automation. This role is ideal for someone who excels at auditing complex cloud environments, challenging the status quo, and building scalable control frameworks in a high-growth public tech company. This role reports to our Head of Internal Controls and is required to follow our hybrid, 4 day a week work model out of our San Francisco office.

Requirements

Education: Bachelor’s degree in Management Information Systems (MIS), Computer Science, Accounting, or Finance.
Certifications: CISA (Certified Information Systems Auditor) or CIA (Certified Internal Auditor) is required. CISSP is a significant plus.
Experience: 8+ years of experience in IT Audit or IT Risk Management, with at least 3 years in a management role.
Big 4 Background: Experience at a Big 4 accounting firm in their IT Risk/Advisory practice is required.
Industry Knowledge: Proven experience operating within a public company in the Tech industry , with a deep understanding of cloud-native environments.
Technical Expertise Requirements: Strong understanding of COSO, COBIT, and NIST frameworks, and the ability to audit complex SDLC/Agile processes.
Cloud Infrastructure: Hands-on experience auditin g AWS or Azure environments.
Systems: Experience with NetSuite (or similar ERP), Salesforce, and Workday.
Analytics & Automation: Proficiency with data analytics and GRC tools (e.g., ThoughtSpot, Alteryx, Tableau, AuditBoard, or Workiva).
Software Lifecycle: Deep familiarity with modern CI/CD pipelines and automated deployment controls.
Communication: Proven ability to communicate technical audit findings to non-technical stakeholders clearly and effectively.

Nice To Haves

Certifications: CISSP is a significant plus.

Responsibilities

Lead IT SOX Compliance: Drive the end-to-end IT SOX program, including risk assessment, scoping, and the evaluation of IT General Controls (ITGCs) and IT Application Controls (ITACs) across the company’s tech stack.
Strategic Risk Advisory: Partner with IT and Engineering teams to provide proactive guidance on control design for new system implementations, cloud migrations, and product launches.
External Audit Management: Act as the primary point of contact for external auditors, ensuring seamless coordination of testing and timely remediation of identified deficiencies.
Audit Execution: Plan and execute technical audits focused on high-risk areas including Cloud Security (AWS/GCP), Identity & Access Management (IAM), SDLC, and Data Privacy.
Process Automation: Drive efficiencies by leveraging data analytics and automation tools to transition from traditional point-in-time testing to continuous monitoring.
Remediation Oversight: Collaborate with process owners to develop robust remediation plans for control gaps, ensuring root causes are addressed and validated.
Executive Reporting: Prepare high-quality audit reports and presentations for senior leadership and the Audit Committee, translating technical risks into business impact.
Team Leadership: Manage co-sourced providers, fostering a culture of technical excellence and professional growth.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume