Senior Technology Risk Audit Analyst

About The RoleWe are hiring a Senior Technology Risk Audit Analyst to help build the Technology Risk function of the Internal Audit Team. The Senior Technology Risk Audit Analyst will report to the Manager, Technology Risk Audit to primarily drive IT SOX initiatives, including supporting the SOX roadmap, coordinating planning and operational activities with the IT SOX co-sourced team and external audit team, and advancing program maturity. Additionally, this individual will support the in risk-based activities beyond the SOX program, including performing control gap assessments and impact assessments of new tools and systems.
This role will work closely with internal and external partners, interacting on a day to day basis with department heads and process owners across the Technology organization, including Engineering, Information Security, Network/System Administration, DevOps, and others, to execute ongoing IT SOX and operational audits, as well as risk assessments in a highly complex marketplace environment. The successful applicant is a builder and will have IT SOX and operational IT audit experience.

What You Get To Do Every Day

• Support IT SOX, operational audits, and technology risk assessments from planning through execution and reporting

• Lead risk-based operational audits including risk assessments, IT operational process reviews, integrated audits and system implementation reviews related to technology risks, including cloud, cybersecurity and privacy risks

• Lead control gap assessments of new and enhanced products, supporting systems, process changes, system architecture and implementations

• Serve as a risk advisor to assess new products, systems, databases or changes to existing processes to identify financial and operational risks before launch, providing recommendations for improvement

• Work cross-functionally with Technology organization teams, offering IT controls expertise and testing controls to ensure compliance with information security and privacy requirements

• Lead and coordinate SOX program testing IT controls with the co-sourced team, external audit team members, control owners, managers and executive management

• Lead benchmarking and control rationalizations to improve controls, make processes more efficient, effective, and/or reduce cycle time for SOX IT compliance

• Develop relationships with key partners as their risk advisor on internal controls and process efficiencies, providing insight and direction in regards to financial and operational risk

• Continuously help improve the company’s ability to mitigate risks and develop recommendations on how to integrate controls as part of daily operations

What You Bring To The Role

Minimum Requirements:

• Minimum of two (2) years of experience, in IT Audit, Information Security Risk Management, IT Compliance, IT Internal Audit or related experience

• Knowledge and experience with Sarbanes-Oxley, evaluating the design and effectiveness of processes and controls over system development/change management, logical and physical access, data monitoring, data integrity/accuracy/completeness, as well as IT infrastructure security.

• Knowledge and experience of cloud-hosted architecture (e.g., AWS, GCP) and the risks associated with the various layers.

• Knowledge of internal control and compliance frameworks (specifically COSO, COBIT, NIST, SOX, and SOC 2) and hands-on experience applying the frameworks to design controls that are operationally effective across multiple compliance programs in cloud-based IT environments 

• Ability to Travel 10%

Preferred Requirements:

• B.A. or B.S. in Information Technology, Information Systems, Accounting, Finance, or related required.

• Big 4 Public Accounting experience with Fortune 500 clients

• Consulting experience providing IT audit services is highly preferred

• Platform marketplace industry experience is highly preferred

• Experience working in a co-sourced environment is highly preferred

• Experience with internal audit GRC tools, i.e. Auditboard

• CPA, CIA, CISA, or other relevant professional certification (or actively working towards achieving certification)

• Experience communicating audit requirements and results to process and control owners

• Experience with Google Business Suite

• Experience assessing controls and risks in a decentralized environment

Compensation, Benefits, + Perks

• Employee Stock Purchase Plan

• 401K with Company Match

• Medical, Dental & Vision Insurance

• Paid Parental Leave

• 9 Paid Company Holidays

• Flexible Time Off (With Manager Approval)

• Find out more about our Benefits here.

The expected salary range for this role is $100,292.00-$123,165.00. To determine starting pay we carefully consider a variety of factors, including primary work location and an evaluation of a candidate’s skills, experience, market demands, and internal parity. Additionally, salary is just one component of TRR’s total rewards package. Depending on role, employees may also be eligible for a bonus program, incentive pay and benefits.

The RealReal is the world’s largest online marketplace for authenticated, resale luxury goods, with 37 million members. With a rigorous authentication process overseen by experts, The RealReal provides a safe and reliable platform for consumers to buy and sell their luxury items. We have hundreds of in-house gemologists, horologists, and brand authenticators who inspect thousands of items each day. As a sustainable company, we give new life to pieces by thousands of brands across numerous categories—including women's and men's fashion, fine jewelry and watches, art, and home—in support of the circular economy. We make selling effortless with free virtual appointments, in-home pickup, drop-off, and direct shipping. We handle all of the work for consignors, including authenticating, using AI and machine learning to determine optimal pricing, photographing and listing their items, as well as shipping and customer service.