Senior Manager, IT Internal Audit & SOX

Qualtrics
Seattle, WA
$177,000 - $192,000
Hybrid

About The Position

At Qualtrics, we build technology that closes experience gaps — and our Internal Audit team plays a direct role in making sure we do it with integrity at scale. This isn’t a “check-the-box” audit role. This is a chance to architect and own our entire IT SOX and technology assurance program, influence how IT, engineering and security teams think about risk, controls and compliance, and operate across levels and functions of the organization. You’ll report directly to the Chief Audit Executive and carry high visibility across the enterprise – Finance, Operations, IT, Security. You’ll be the internal authority on IT SOX and operational risks, controls and compliance — the person leaders call for meaningful insights and assurance.

Requirements

  • Bachelor’s degree in Accounting, Management Information Systems (MIS), Computer Science, or a related field
  • 8+ years of progressive experience in IT SOX compliance, IT Internal Audit, or Risk Advisory in a Big 4 (or similar) firm or an in-house internal audit function
  • Proven experience designing, implementing, and managing IT SOX compliance and assurance programs, with deep, hands-on expertise in COSO, SOX 404, and PCAOB audit standards — you’ve lived this, not just studied it
  • Experience auditing cloud-native, SaaS environments and automated business applications and ERPs (e.g., NetSuite, Salesforce, Workday)
  • Track record of implementing or optimizing AI/automated compliance and audit capabilities/tools
  • Proven ability to inform and influence at the executive level - influence without authority
  • Experience working in GRC tools (like AuditBoard/Optro), or building home-grown solutions
  • Mastery of IT general controls (ITGCs), IT application controls, and key reports/interfaces in a SaaS environment
  • Fluency in key frameworks like COSO, COBIT, NIST CSF, ISO 27001/42001, SOC 1/SOC 2
  • Hands-on experience auditing - and strong understanding of - technology and cybersecurity risk domains, including cloud environments, application architecture, SDLC, CI/CD, data governance, IAM, and operational resilience
  • Demonstrated proficiency using AI tools (e.g., Claude or equivalent) to accelerate audit workflows and improve manual operations — including project management, evidence analysis, control testing, and documentation — while maintaining professional skepticism and exercising sound judgment on when AI assistance is and is not appropriate
  • High proficiency with audit tools and engineering platforms like AuditBoard/Optro, Jira, ServiceNow, GitHub, GitLab, and CI/CD platforms
  • CISA
  • CIA
  • CISSP

Nice To Haves

  • Blend of both Big 4 (or similar) and in-house internal audit/SOX leadership roles
  • Experience working in a pre-IPO and/or newly public, high-growth, consumption/usage-based SaaS technology company environment
  • CPA
  • CISM
  • CRISC
  • CGEIT
  • ISACA AAIA (Advanced in AI Audit) — signals active investment in AI governance and audit innovation

Responsibilities

  • Own the end-to-end IT SOX program — from strategy to testing and documentation, through remediation and Audit Committee-level reporting.
  • Manage and evolve the annual IT SOX compliance strategy, scoping methodology, and risk assessment framework — bringing genuine thought leadership, not just inherited templates
  • Design and execute all phases of IT SOX audit activity: walkthroughs, design and operating effectiveness testing and documentation, status tracking, issue reporting, and remediation validation
  • Support regular executive and Audit Committee-level reporting
  • Support and continuously look for opportunities to improve and optimize use of Internal Audit team tools, including AuditBoard/Optro and Claude
  • Support IT SOX program and resource management activities, including co-source partner resources, while maintaining quality and driving consistency across the program
  • In partnership with the Business Process/Finance SOX lead, manage the full SOX documentation library — narratives, flowcharts, risk and control matrices (RCMs), and management certifications — and keep it audit-ready at all times
  • Drive deficiency management conversations with control owners, advocating for automation-first and scalable remediation over manual, siloed patches
  • Own the relationship with external IT auditors, ensuring all testing methodologies and documentation meet PCAOB standards and align with external auditor expectations to maximize the reliance strategy
  • Proactively solve challenges related to process design and training activities for the development and implementation of IT-related internal controls and SOX related topics at a global, enterprise level
  • Build and sustain trusted relationships with internal (IT, engineering, finance, legal, security) and external (co-source team and external audit) stakeholders — positioning audit as a strategic partner and enabler, not a hurdle
  • Train and up-skill the internal audit team, partners and stakeholders on IT and security trends, best practices, risks, and controls
  • Provide thought leadership and support the strategic design, development, and ongoing management of a technology and security-focused advisory and assurance program, rooted in sound frameworks and proven best practices
  • Partner with Internal Audit leadership and key stakeholders to develop and maintain a relevant audit universe, aligned to enterprise risk priorities such as cybersecurity, cloud, resilience, data governance, AI and emerging technologies
  • Design and execute all phases of assurance and advisory projects including planning, scoping, execution, documentation, issue management, reporting
  • Establish and maintain program governance, including tracking and reporting audit plan status, KPIs/metrics, and risk coverage
  • Monitor audit execution for timeliness, consistency, quality, and adherence to established methodologies and standards through the use of standardized tools, templates, and frameworks
  • Support the development of Audit Committee and executive‑level reporting, including audit plan progress, learnings and insights/opportunities, and emerging risk themes
  • Partner with the stakeholder and adjacent groups (e.g., GRC, IT, engineering, legal) that operate enterprise governance and compliance programs (e.g., SOC, HITRUST, FedRAMP, HIPAA, privacy) to identify opportunities for connected risk management and assurance activities
  • Collaborate with IT, product and engineering teams to educate and embed a “compliance and risk mitigation by design” mindset into how we build and ship products internally and externally
  • Continuously look for process efficiency and unwanted risk mitigation opportunities, leveraging deep data analytics skills to surface insights that go beyond financial reporting or surface-level symptoms
  • Design, build and promote AI and other automation tools/capabilities within Internal Audit and across stakeholder functions, turning SOX and audit learnings and insights into operationalized innovative capabilities — e.g., building continuous monitoring capabilities, automating routine SOX compliance and audit activities, or automating manual operational controls
  • Stay ahead of emerging technology risks: GenAI governance, process automation risks, evolving regulatory requirements, AI in SOX compliance
  • Lead the transformation of Internal Audit's capabilities and service offerings by advancing the integration of AI and automation into core audit activities
  • Prepare and deliver clear, high-impact findings/insights and strategic opportunities to senior leadership, and support preparation of Audit Committee-level reporting
  • Serve as the primary IT Internal Audit liaison to co-source partners and external auditors — driving alignment on strategy, methodology, audit coverage, timelines and program status
  • Build durable partnerships across Finance, Engineering, Legal, Privacy, and Security — contributing to Internal Audit’s role as a strategic business partner
  • Build and maintain a network of strong partnerships to build common ground for cooperation with key decision makers

Benefits

  • Team cohesion is deeply important to us - we have frequent office events and regular team activities
  • Qualtrics Experience Program - $1,800 for an experience of your choosing (eligible after a year)
  • We take pride in our office design aimed at fostering creativity, in an open and collaborative workspace
  • 30 paid days off - 15 Vacation Days + 5 Personal Days + 10 Holiday Closures (additional after a year)
  • On top of standard benefits package (medical employees and their families, dental, vision, life insurance, etc), we provide free lunches every work day, snacks, and drinks
  • The Qualtrics Hybrid Work Model: Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader. These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation. For the rest of the week, work where you want, owning the integration of work and life.
  • medical employees and their families
  • dental
  • vision
  • life insurance
  • 401(k) with match
  • paid time off
  • a wellness reimbursement
  • mental health benefits
  • an experience bonus