Jobs · Information Technology · Utah

Senior Manager, IT SOX & Internal Audit

Qualtrics · Provo, UT · 1 wk ago
Information TechnologyFull-time

About the role

This role operates at the intersection of strategic thought leadership, consistent execution, and tech-forward innovation. You will be responsible for owning the end-to-end IT SOX program, influencing how IT, engineering, and security teams think about risk, controls, and compliance, and operating across levels and functions of the organization.

Responsibilities

  • Own the end-to-end IT SOX program — from strategy to testing and documentation, through remediation and Audit Committee-level reporting.
  • Manage and evolve the annual IT SOX compliance strategy, scoping methodology, and risk assessment framework — bringing genuine thought leadership, not just inherited templates.
  • Design and execute all phases of IT SOX audit activity: walkthroughs, design and operating effectiveness testing and documentation, status tracking, issue reporting, and remediation validation.
  • Support regular executive and Audit Committee-level reporting.
  • Support and continuously look for opportunities to improve and optimize use of Internal Audit team tools, including Audit-board/Optro and Claude.
  • Own the relationship with external IT auditors, ensuring all testing methodologies and documentation meet PCAOB standards and align with external auditor expectations to maximize the reliance strategy.
  • Proactively solve challenges related to process design and training activities for the development and implementation of IT-related internal controls and SOX related topics at a global, enterprise level.
  • Build and sustain trusted relationships with internal (IT, engineering, finance, legal, security) and external (co-source team and external audit) stakeholders — positioning audit as a strategic partner and enabler, not a hurdle.
  • Train and up-skill the internal audit team, partners and stakeholder on IT and security trends, best practices, risks, and controls.
  • Provide thought leadership and support the strategic design, development, and ongoing management of a technology and security-focused advisory and assurance program, rooted in sound frameworks and proven best practices.
  • Partner with Internal Audit leadership and key stakeholders to develop and maintain a relevant audit universe, aligned to enterprise risk priorities such as cybersecurity, cloud, resilience, data governance, AI and emerging technologies.
  • Collaborate with IT, product and engineering teams to educate and embed a “compliance and risk mitigation by design” mindset into how we build and ship products internally and externally.
  • Continuously look for process efficiency and unwanted risk mitigation opportunities, leveraging deep data analytics skills to surface insights that go beyond financial reporting or surface-level symptoms.
  • Play an integral role in designing and developing the next generation of internal audit advisory and assurance capabilities through automation and artificial intelligence.
  • Lead the transformation of Internal Audit's capabilities and service offerings by advancing the integration of AI and automation into core audit activities.

Qualifications

  • Bachelor’s degree in Accounting, Management Information Systems (MIS), Computer Science, or a related field.
  • 8+ years of progressive experience in IT SOX compliance, IT Internal Audit, or Risk Advisory in Big 4 (or similar) or in-house internal audit function.
  • Proven experience designing, implementing, and managing IT SOX compliance and assurance programs, with deep, hands-on expertise in COSO, SOX 404, and PCAOB audit standards.
  • Track record of implementing or optimizing AI/automated compliance and audit capabilities/tools.
  • Proven ability to inform and influence at the executive level - influence without authority.
  • Experience working in GRC tools (like Auditboard/Optro), or building home-grown solutions.
  • Mastery of IT general controls (ITGCs), IT application controls, and key reports/interfaces in a SaaS environment.
  • Fluency in key frameworks like COSO, COBIT, NIST CSF, ISO 27001/42001, SOC 1/SOC 2.
  • Hands-on experience auditing - and strong understanding of - technology and cybersecurity risk domains, including cloud environments, application architecture, SDLC, CI/CD, data governance, IAM, and operational resilience.
  • Demonstrated proficiency using AI tools (e.g., Claude or equivalent) to accelerate audit workflows and improve manual operations — including project management, evidence analysis, control testing, and documentation — while maintaining professional skepticism and exercising sound judgment on when AI assistance is and is not appropriate.
  • High proficiency with audit tools and engineering platforms like AuditBoard/Optro, Jira, ServiceNow, GitHub, GitLab, and CI/CD platforms.
  • Certifications (one of the following): CISACIACISSP.

Similar jobs