Sr. Technology Auditor
AppFolio · Santa Barbara, CA · 2 wk ago
Accounting$94k–$118k/yrFull-time
About the role
We’re looking for a Senior Technology Auditor to be a hands-on leader behind AppFolio’s technology assurance program. In this role, you’ll deliver the annual IT audit plan end-to-end, strengthen the IT General Controls that anchor our SOX and operational resilience programs, and help shape how AppFolio governs its rapidly expanding use of AI — internally, in product, and across the software development lifecycle.
Responsibilities
- Own the execution of audits across the annual IT audit plan — scoping, risk assessment, fieldwork, reporting, and remediation follow-up — producing high-quality workpapers and findings that drive measurable risk reduction.
- Evaluate and continuously rationalize ITGCs across our cloud platforms (AWS/GCP), CI/CD pipelines, and enterprise systems (NetSuite ERP, Coupa, etc.) to support ongoing SOX compliance and operational resilience.
- Play a leading role in how AppFolio governs the internal use of generative and agentic AI — assessing policy design, model and tool usage, data privacy, vendor risk, and AI-supported development workflows against frameworks like the NIST AI RMF.
- Assess the effectiveness of automated security checks embedded in our CI/CD pipelines and cloud configurations so we maintain “Elite” deployment performance without compromising security or compliance.
- Contribute to the enterprise technology risk assessment by identifying emerging threats across cloud-native infrastructure, payments systems, and agentic AI platforms — and translating them into a forward-looking audit plan.
- Partner with Data Governance teams to audit data discovery scans, classification efforts, and the protection of sensitive information across structured and unstructured data sources.
- Work directly with the CIO organization, CISO, Engineering leadership, and Finance to deliver practical, data-driven recommendations that improve our security posture, operational efficiency, and audit-readiness.
Qualifications
- Experience: 4 to 7 years of progressive experience in IT audit, technology risk management, or cybersecurity, with a clear track record of delivering audits end-to-end.
- Public Accounting Rigor: Previous experience in a Big 4 or large national accounting firm, with a focus on IT audit or advisory services, is a plus.
- Environment: Direct experience auditing or managing risk in a high-growth SaaS, FinTech, or technology-driven environment.
- Technical Knowledge: Familiarity with cloud infrastructure security (AWS/GCP), containerization (Kubernetes), generative and agentic AI, and modern software development lifecycles (SDLC).
- AI Governance: Exposure to emerging AI governance frameworks (e.g., NIST AI RMF) or experience auditing internal AI / LLM usage is a strong plus.
- Technical Control Advisory: Demonstrated ability to translate technical control objectives into action-oriented plans that bridge the gap between current and desired state.
- Financial Systems: Experience with cloud-based ERP systems (NetSuite preferred) and automated segregation of duties (SoD) monitoring tools.
- Education: Bachelor’s degree in Management Information Systems, Computer Science, Accounting, or a related field. Must Haves Certification: CISA (Certified Information Systems Auditor), CISSP, CIA, or AWS Certified Security Specialty.
- Professional Presence: Excellent communication and presentation skills, with the ability to translate complex technical risks into a business context for senior leadership.
- Objective Reasoning: A proven ability to critically assess the reliability of information and maintain an inquisitive attitude toward automated control environments.
- Analytical Mindset: Demonstrated success in leading complex technical audits across multiple stakeholders and high-volume data environments.
- Bias for Impact: You see audit as an exercise to enhance the company’s ability to manage risk— not a checklist — and bring curiosity, ownership, and a high standard of craft to every engagement.