Senior Manager, IT SOX & Internal Audit
Qualtrics · Provo, UT · 1 wk ago
Information TechnologyFull-time
About the role
This role operates at the intersection of strategic thought leadership, consistent execution, and tech-forward innovation. You will be responsible for owning the end-to-end IT SOX program, influencing how IT, engineering, and security teams think about risk, controls, and compliance, and operating across levels and functions of the organization.
Responsibilities
- Own the end-to-end IT SOX program — from strategy to testing and documentation, through remediation and Audit Committee-level reporting.
- Manage and evolve the annual IT SOX compliance strategy, scoping methodology, and risk assessment framework — bringing genuine thought leadership, not just inherited templates.
- Design and execute all phases of IT SOX audit activity: walkthroughs, design and operating effectiveness testing and documentation, status tracking, issue reporting, and remediation validation.
- Support regular executive and Audit Committee-level reporting.
- Support and continuously look for opportunities to improve and optimize use of Internal Audit team tools, including Audit-board/Optro and Claude.
- Own the relationship with external IT auditors, ensuring all testing methodologies and documentation meet PCAOB standards and align with external auditor expectations to maximize the reliance strategy.
- Proactively solve challenges related to process design and training activities for the development and implementation of IT-related internal controls and SOX related topics at a global, enterprise level.
- Build and sustain trusted relationships with internal (IT, engineering, finance, legal, security) and external (co-source team and external audit) stakeholders — positioning audit as a strategic partner and enabler, not a hurdle.
- Train and up-skill the internal audit team, partners and stakeholder on IT and security trends, best practices, risks, and controls.
- Provide thought leadership and support the strategic design, development, and ongoing management of a technology and security-focused advisory and assurance program, rooted in sound frameworks and proven best practices.
- Partner with Internal Audit leadership and key stakeholders to develop and maintain a relevant audit universe, aligned to enterprise risk priorities such as cybersecurity, cloud, resilience, data governance, AI and emerging technologies.
- Collaborate with IT, product and engineering teams to educate and embed a “compliance and risk mitigation by design” mindset into how we build and ship products internally and externally.
- Continuously look for process efficiency and unwanted risk mitigation opportunities, leveraging deep data analytics skills to surface insights that go beyond financial reporting or surface-level symptoms.
- Play an integral role in designing and developing the next generation of internal audit advisory and assurance capabilities through automation and artificial intelligence.
- Lead the transformation of Internal Audit's capabilities and service offerings by advancing the integration of AI and automation into core audit activities.
Qualifications
- Bachelor’s degree in Accounting, Management Information Systems (MIS), Computer Science, or a related field.
- 8+ years of progressive experience in IT SOX compliance, IT Internal Audit, or Risk Advisory in Big 4 (or similar) or in-house internal audit function.
- Proven experience designing, implementing, and managing IT SOX compliance and assurance programs, with deep, hands-on expertise in COSO, SOX 404, and PCAOB audit standards.
- Track record of implementing or optimizing AI/automated compliance and audit capabilities/tools.
- Proven ability to inform and influence at the executive level - influence without authority.
- Experience working in GRC tools (like Auditboard/Optro), or building home-grown solutions.
- Mastery of IT general controls (ITGCs), IT application controls, and key reports/interfaces in a SaaS environment.
- Fluency in key frameworks like COSO, COBIT, NIST CSF, ISO 27001/42001, SOC 1/SOC 2.
- Hands-on experience auditing - and strong understanding of - technology and cybersecurity risk domains, including cloud environments, application architecture, SDLC, CI/CD, data governance, IAM, and operational resilience.
- Demonstrated proficiency using AI tools (e.g., Claude or equivalent) to accelerate audit workflows and improve manual operations — including project management, evidence analysis, control testing, and documentation — while maintaining professional skepticism and exercising sound judgment on when AI assistance is and is not appropriate.
- High proficiency with audit tools and engineering platforms like AuditBoard/Optro, Jira, ServiceNow, GitHub, GitLab, and CI/CD platforms.
- Certifications (one of the following): CISACIACISSP.