Senior Manager, IT SOX & Internal Audit
Qualtrics · Seattle, WA · 2 wk ago
Information Technology$177k–$192k/yrFull-time
About the role
This role operates at the intersection of strategic thought leadership, consistent execution, and tech-forward innovation. You will be responsible for owning and executing the IT SOX and internal audit program, influencing how IT, engineering, and security teams think about risk, controls, and compliance. You will also provide strategic insights and assurance to leaders across the enterprise.
Responsibilities
- Own the end-to-end IT SOX program — from strategy to testing and documentation, through remediation and Audit Committee-level reporting.
- Manage and evolve the annual IT SOX compliance strategy, scoping methodology, and risk assessment framework — bringing genuine thought leadership, not just inherited templates.
- Design and execute all phases of IT SOX audit activity: walkthroughs, design and operating effectiveness testing and documentation, status tracking, issue reporting, and remediation validation.
- Support regular executive and Audit Committee-level reporting.
- Support and continuously look for opportunities to improve and optimize use of Internal Audit team tools, including Audit-board/Optro and Claude.
- Own the relationship with external IT auditors, ensuring all testing methodologies and documentation meet PCAOB standards and align with external auditor expectations to maximize the reliance strategy.
- Proactively solve challenges related to process design and training activities for the development and implementation of IT-related internal controls and SOX related topics at a global, enterprise level.
- Build and sustain trusted relationships with internal (IT, engineering, finance, legal, security) and external (co-source team and external audit) stakeholders — positioning audit as a strategic partner and enabler, not a hurdle.
- Train and up-skill the internal audit team, partners and stakeholder on IT and security trends, best practices, risks, and controls.
- Provide thought leadership and support the strategic design, development, and ongoing management of a technology and security-focused advisory and assurance program, rooted in sound frameworks and proven best practices.
- Partner with Internal Audit leadership and key stakeholders to develop and maintain a relevant audit universe, aligned to enterprise risk priorities such as cybersecurity, cloud, resilience, data governance, AI and emerging technologies.
- Collaborate with IT, product and engineering teams to educate and embed a “compliance and risk mitigation by design” mindset into how we build and ship products internally and externally.
- Continuously look for process efficiency and unwanted risk mitigation opportunities, leveraging deep data analytics skills to surface insights that go beyond financial reporting or surface-level symptoms.
- Play an integral role in designing and developing the next generation of internal audit advisory and assurance capabilities through automation and artificial intelligence.
- Lead the transformation of Internal Audit's capabilities and service offerings by advancing the integration of AI and automation into core audit activities.
Qualifications
- Bachelor’s degree in Accounting, Management Information Systems (MIS), Computer Science, or a related field.
- 8+ years of progressive experience in IT SOX compliance, IT Internal Audit, or Risk Advisory in Big 4 (or similar) or in-house internal audit function.
- Proven experience designing, implementing, and managing IT SOX compliance and assurance programs, with deep, hands-on expertise in COSO, SOX 404, and PCAOB audit standards.
- Track record of implementing or optimizing AI/automated compliance and audit capabilities/tools.
- Proven ability to inform and influence at the executive level - influence without authority.
- Experience working in GRC tools (like Auditboard/Optro), or building home-grown solutions.
- Mastery of IT general controls (ITGCs), IT application controls, and key reports/interfaces in a SaaS environment.
- Fluency in key frameworks like COSO, COBIT, NIST CSF, ISO 27001/42001, SOC 1/SOC 2.
- Hands-on experience auditing - and strong understanding of - technology and cybersecurity risk domains, including cloud environments, application architecture, SDLC, CI/CD, data governance, IAM, and operational resilience.
- Demonstrated proficiency using AI tools (e.g., Claude or equivalent) to accelerate audit workflows and improve manual operations — including project management, evidence analysis, control testing, and documentation — while maintaining professional skepticism and exercising sound judgment on when AI assistance is and is not appropriate.
- High proficiency with audit tools and engineering platforms like AuditBoard/Optro, Jira, ServiceNow, GitHub, GitLab, and CI/CD platforms.
- Certifications (one of the following): CISACIACISSP.