Technology Auditor

About The Position

Requirements

• 5+ years of experience in technology audit, technology risk, or control testing/assurance.
• Proven experience performing control testing and validation (design and operating effectiveness), including sampling and evidence standards, across a broad spectrum of technology domains.
• Bachelor’s degree in Information Systems, Cybersecurity, Information Technology, Computer science or a related field.
• Ability to translate technical details into clear risk statements, issues, and practical remediation recommendations.
• Demonstrated strong documentation skills with the ability to produce audit-ready workpapers, test scripts, and results.
• Strong stakeholder management with the able to work effectively with engineers, control owners, leadership and customers.
• Knowledge of GRC tooling and workflows.
• Excellent stakeholder management and communication skills.
• Proficient in English for effective communication and coordination.

Nice To Haves

• Experience as a Technology Auditor at a large professional services firm (e.g., Big 4 or similar) or comparable complex enterprise environment.
• Familiarity with control frameworks and standards such as COSO, COBIT, NIST, ISO 27001, and/or SSAE 16 requirements.
• Masters degree in Cybersecurity, Information Technology, Computer Science or a related discipline.
• Industry-recognized credentials such as CISSP, CISM, CISA.
• Bi-lingual in English and Korean language proficiency.

Responsibilities

• Develop and maintain a control testing & validation plan aligned to the organization’s technology risk landscape, including scope, frequency, methodology, and sampling approaches.
• Execute control design and operating effectiveness testing across technology domains (e.g., cloud, infrastructure, network, application, SDLC, IAM, logging/monitoring, vulnerability management, backup/DR).
• Create testing procedures and workpapers that are repeatable, audit-ready, and defensible; ensure evidence is complete, accurate, and traceable.
• Perform walkthroughs and interviews with technology stakeholders to confirm control intent, ownership, and implementation details.
• Validate control implementation technically (where applicable) by inspecting configurations, system settings, logs, tickets, and pipeline artifacts (e.g., CI/CD).
• Identify control gaps and root causes, assess risk impact, and provide clear recommendations and remediation guidance.
• Track and validate remediation activities and re-test controls to confirm closure.
• Produce concise reporting (test results, summaries, themes, and metrics) for IRM leadership and customers.
• Support internal/external audits and regulatory inquiries by providing documentation, testing artifacts, and control narratives.
• Continuously improve the control testing program through standardization, automation opportunities, and alignment to evolving technology.

Benefits

• Health insurance
• Dental insurance
• Vision insurance