SOX Auditor - IT Controls Manager

About The Position

Requirements

• 8+ years of experience in IT audit, internal audit, external audit, or SOX compliance, with significant exposure to IT general controls testing.
• Experience in crypto, fintech, payments, or technology-intensive environments with complex, rapidly evolving infrastructure.
• CISA and CPA certifications required. Candidates with one certification who are actively pursuing the other will be considered.
• Strong knowledge of ITGC frameworks, SOX compliance requirements, COSO, COBIT, and PCAOB auditing standards as they apply to IT controls.
• Hands-on experience testing ITGCs across access management, change management, and system operations.
• Technical fluency with enterprise technology environments — you don’t need to be an engineer, but you need to understand how systems, databases, and deployment pipelines work to effectively test the controls around them.
• Understanding of how IT controls underpin the reliability of financial reporting — you can connect an ITGC failure to its downstream impact on business process controls and the financial statements.
• Experience working with or alongside external auditors (Big 4 preferred) on SOX engagements.
• Experience operating across multi-entity structures or multiple jurisdictions.
• Effective communicator who can translate technical IT audit findings for control owners, engineering teams, senior leadership, and external stakeholders.

Nice To Haves

• Familiarity with blockchain infrastructure, digital asset custody systems, on-chain transaction processing, or crypto-native technology environments.
• Experience with CI/CD pipelines, GitLab or similar version control systems, cloud infrastructure (AWS, GCP), and modern deployment practices.
• Prior experience building or scaling an IT SOX testing program in a growth-stage or first-year SOX company.
• Familiarity with audit management platforms such as AuditBoard or Workiva.
• Familiarity with AI-assisted audit tools and willingness to adopt emerging technologies.

Responsibilities

• Lead the execution of independent testing of IT General Controls (ITGCs) across key control domains: access management, change management, and system operations.
• Evaluate the design and operating effectiveness of IT controls across in-scope applications and infrastructure, including systems that support blockchain-native operations, digital asset custody, and crypto trading platforms.
• Document testing procedures and results to meet Internal Audit and external auditor quality standards.
• Identify new systems, applications, or process changes that emerge during testing and assess their SOX implications in coordination with the SOX Compliance team.
• Build and maintain testing programs, templates, and workpapers that create a repeatable, scalable foundation for IT SOX testing.
• Identify opportunities to leverage AI-enabled workflows and data analytics to improve testing coverage and efficiency across IT control domains.
• Independently validate the remediation of open SOX findings, including material weaknesses and significant deficiencies, across ITGC control areas.
• Evaluate control deficiencies by performing root cause analysis and assessing the severity and pervasiveness of exceptions to inform deficiency classification.
• Assess whether management’s remediation actions are adequately designed and operating effectively before closing findings.
• Track remediation progress, escalate delays or gaps, and report status to Internal Audit leadership and the Audit Committee as required.
• Coordinate with the SOX Compliance team to ensure alignment on remediation expectations, timelines, and evidence requirements.
• Serve as a trusted Internal Audit point of contact for IT control owners across Engineering, Infrastructure, Security, and IT Operations.
• Bridge the gap between audit methodology and engineering culture — these teams speak a different language than accountants, and you need to be fluent in both.
• Contribute to Internal Audit reporting to the Audit Committee, external auditor, and senior leadership on IT SOX testing coverage, findings, and remediation status.
• Partner with the business process SOX tester and co-sourced resources to ensure coordinated testing coverage across the full SOX program.

Benefits

• Fully remote company
• Kraken Culture page to learn more about our internal culture, values, and mission.
• Kraken app
• Krakenites in 70+ countries who speak over 50 languages.
• Industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space.
• Commitment to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Desktop, Wallet, and Kraken Futures.
• Opportunity to build the future of crypto!
• Integrated Assurance organization, bringing together Internal Audit and Enterprise Risk Management under a unified risk oversight strategy.
• Spans SOX Compliance, Enterprise Risk Management, and Internal Audit across multiple regulated entities and jurisdictions.
• Partners with co-sourced providers, maintains direct reporting lines to the Global and Local Audit Committee Chairs, and is building a technology-forward assurance capability at the forefront of crypto and financial innovation.
• Lead the execution of independent testing of IT General Controls (ITGCs) across key control domains: access management, change management, and system operations.
• Evaluate the design and operating effectiveness of IT controls across in-scope applications and infrastructure, including systems that support blockchain-native operations, digital asset custody, and crypto trading platforms.
• Document testing procedures and results to meet Internal Audit and external auditor quality standards.
• Identify new systems, applications, or process changes that emerge during testing and assess their SOX implications in coordination with the SOX Compliance team.
• Build and maintain testing programs, templates, and workpapers that create a repeatable, scalable foundation for IT SOX testing.
• Identify opportunities to leverage AI-enabled workflows and data analytics to improve testing coverage and efficiency across IT control domains.
• Independently validate the remediation of open SOX findings, including material weaknesses and significant deficiencies, across ITGC control areas.
• Evaluate control deficiencies by performing root cause analysis and assessing the severity and pervasiveness of exceptions to inform deficiency classification.
• Assess whether management’s remediation actions are adequately designed and operating effectively before closing findings.
• Track remediation progress, escalate delays or gaps, and report status to Internal Audit leadership and the Audit Committee as required.
• Coordinate with the SOX Compliance team to ensure alignment on remediation expectations, timelines, and evidence requirements.
• Serve as a trusted Internal Audit point of contact for IT control owners across Engineering, Infrastructure, Security, and IT Operations.
• Bridge the gap between audit methodology and engineering culture — these teams speak a different language than accountants, and you need to be fluent in both.
• Contribute to Internal Audit reporting to the Audit Committee, external auditor, and senior leadership on IT SOX testing coverage, findings, and remediation status.
• Partner with the business process SOX tester and co-sourced resources to ensure coordinated testing coverage across the full SOX program.
• 8+ years of experience in IT audit, internal audit, external audit, or SOX compliance, with significant exposure to IT general controls testing.
• Experience in crypto, fintech, payments, or technology-intensive environments with complex, rapidly evolving infrastructure.
• CISA and CPA certifications required. Candidates with one certification who are actively pursuing the other will be considered.
• Strong knowledge of ITGC frameworks, SOX compliance requirements, COSO, COBIT, and PCAOB auditing standards as they apply to IT controls.
• Hands-on experience testing ITGCs across access management, change management, and system operations.
• Technical fluency with enterprise technology environments — you don’t need to be an engineer, but you need to understand how systems, databases, and deployment pipelines work to effectively test the controls around them.
• Understanding of how IT controls underpin the reliability of financial reporting — you can connect an ITGC failure to its downstream impact on business process controls and the financial statements.
• Experience working with or alongside external auditors (Big 4 preferred) on SOX engagements.
• Experience operating across multi-entity structures or multiple jurisdictions.
• Effective communicator who can translate technical IT audit findings for control owners, engineering teams, senior leadership, and external stakeholders.
• Familiarity with blockchain infrastructure, digital asset custody systems, on-chain transaction processing, or crypto-native technology environments.
• Experience with CI/CD pipelines, GitLab or similar version control systems, cloud infrastructure (AWS, GCP), and modern deployment practices.
• Prior experience building or scaling an IT SOX testing program in a growth-stage or first-year SOX company.
• Familiarity with audit management platforms such as AuditBoard or Workiva.
• Familiarity with AI-assisted audit tools and willingness to adopt emerging technologies.
• Applications are accepted on an ongoing basis.
• Applicants are permitted to redact or remove information on their resume that identifies age, date of birth, or dates of attendance at or graduation from an educational institution.
• We consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.
• Kraken is powered by people from around the world and we celebrate all Krakenites for their diverse talents, backgrounds, contributions and unique perspectives.
• We hire strictly based on merit, meaning we seek out the candidates with the right abilities, knowledge, and skills considered the most suitable for the job.
• We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgable about crypto!
• We may ask candidates to complete job-related skills or work-style assessments as part of our hiring process.
• These assessments are designed to evaluate competencies relevant to the role and are applied consistently across candidates for similar positions.
• Assessment results are considered alongside other relevant information, such as experience and interviews, and are not the sole basis for any employment decision.
• As an equal opportunity employer, we don’t tolerate discrimination or harassment of any kind.
• Whether that’s based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws.