Job Title: IT General Controls & Application Controls Specialist
Location: 3495 Deer Creek Road Palo Alto CA
Client is seeking an experienced IT Audit Contractor to support the execution of its Sarbanes-Oxley (SOX) compliance program. This role requires deep hands-on expertise in IT General Controls (ITGCs) and IT Application Controls (ITACs), as well as key report testing. The ideal candidate brings a structured, audit-first mindset from a Big 4 or major consulting background or internal audit background, along with the agility to thrive in a fast-paced, high-growth technology environment.
This role will work closely with both internal stakeholders and our external auditors to assess control design, execute operating effectiveness testing, and support timely remediation of identified issues.
KEY RESPONSIBILITIES
Manage Key Reports end to end from requesting audit evidence to coordinating key reports walkthrough and wrapping up key reports testing
Manage Service Organization Controls 1 (SOC) review including request SOC reports and bridge letters, evaluate controls testing exceptions, evaluate subservice organization controls, and map Complementary User Entity Controls to Company s IT and Business Process controls
Conduct ITtesting across domains including logical access, change management, computer operations, and program development, ensuring audit-ready work papers for each control.
Execute IT Application Controls (ITAC) testing, including input controls, interface controls, processing controls, and output controls across key financial systems.
Perform key report testing: validate report logic, identify report parameters, assess completeness and accuracy, and document evidence in accordance with SOX standards.
Coordinate and communicate with external auditors (Big 4) to facilitate reliance on internal audit work and reduce overall audit burden.
Track control deficiencies and open issues; work with control owners to monitor remediation and validate closure with sufficient evidence.
Prepare, organize, and maintain high-quality audit work papers in AuditBoard (or equivalent GRC platform), ensuring documentation meets internal and external audit standards.
Participate in process improvement initiatives to enhance the efficiency and effectiveness of the SOX program year over year.
Flexibly support additional internal audit projects and operational audits as directed by the Internal Audit leadership team.
REQUIRED QUALIFICATIONS
Bachelor's degree in Information Systems, Computer Science, or a related field.
Minimum 4+ years of experience in IT audit, with a strong foundation in SOX ITand ITAC testing from a Big 4 public accounting firm or public company s internal audit team.
Proven experience with key report testing methodology validating report logic, parameters, completeness, and accuracy in a SOX context.
Demonstrated hands-on experience designing and executing ITand ITAC test procedures across a range of technology platforms and financial applications.
Proven experience with SOC1 review including request SOC reports and bridge letters, evaluate controls testing exceptions, evaluate subservice organization controls, and map Complementary User Entity Controls to Company s IT and Business Process controls
Strong written and verbal communication skills, with the ability to clearly articulate issues, risks, and recommendations to technical and non-technical stakeholders alike.
Highly organized and detail-oriented, with proven ability to manage multiple concurrent workstreams and meet firm deadlines in a dynamic environment.
Unwavering integrity and the ability to handle confidential information with the highest level of professional discretion.
PREFERRED QUALIFICATIONS
Big 4 background preferred.
CISA or equivalent professional certification preferred.
Familiarity with AuditBoard for documentation, workflow, and reporting.
Familiarity with Google Suite (e.g. Gmail, Gsheet, etc) for work productivity
Experience creating process and data flow diagrams using Lucidchart or equivalent tools.
Prior exposure to high-growth SaaS or technology companies; ability to navigate evolving control environments with limited supervision.
Familiarity with COBIT, or similar IT control frameworks as applied within a SOX program context.