Technology Systems Audit Manager

Position Summary 

The Technology Systems Audit Manager owns the end-to-end IT audit program for systems that have a direct or indirect impact on the financial reporting process. This role is responsible for identifying in-scope systems, documenting and maintaining the related internal control environment, coordinating control owners across the organization, and serving as the primary technology liaison to internal and external audit. The position is central to the company’s SOX/ICFR compliance posture and requires both technical depth across enterprise systems and a disciplined, controls-oriented mindset. 

Key Responsibilities 

1. IT Audit Program Management 

• Manage the complete IT audit lifecycle for all systems within scope of financial reporting. 

• Maintain a current, accurate understanding of every software system that has a direct or indirect impact on the financial reporting process, including upstream and downstream data dependencies. 

• Establish and maintain the audit calendar, scope boundaries, and testing schedules to ensure all control activities are planned, executed, and concluded on time. 

2. IT General Controls (ITGC) Documentation & Control Design 

• Document and maintain the full population of internal controls associated with each in-scope system, including: 

• Configuration & Change Management controls 

• Access Controls (provisioning, deprovisioning, privileged access) 

• Segregation of Duties — conflicting-access analysis and privileged / emergency (“firefighter”) access 

• Test / Validation Controls over system changes and implementations 

• Entity-Level Controls governing the broader IT control environment 

• IT Application Controls (ITACs) — system-enforced controls and automated calculations 

• Completeness & Accuracy of Information Produced by the Entity (IPE), ensuring reliability of system-generated reports and data used in controls and provided to auditors 

• Ensure control descriptions, control objectives, and supporting evidence requirements are clearly defined, current, and audit-ready. 

3. Control Owner Oversight & Coordination 

• Provide indirect (dotted-line) oversight of control owners across the organization to ensure control activities are performed timely and consistently. 

• Hold control owners accountable to documentation standards, evidence quality expectations, and remediation timelines. 

• Identify gaps, coaching needs, or capacity constraints among control owners and escalate where appropriate. 

4. ERP Control Ownership 

• Serve as the designated owner of control monitoring and control documentation for one key in-scope system: the enterprise ERP platform. 

• Maintain direct accountability for the ERP control narrative, control evidence, and ongoing operating effectiveness of those controls. 

5. Audit Relationship Management 

• Own and manage the Technology Department’s working relationship with the Internal Audit function. 

• Serve as the primary technology point of contact for External Auditors, coordinating requests, walkthroughs, evidence delivery, and issue resolution. 

• Act as the single, reliable interface that ensures audit interactions are organized, responsive, and professionally managed. 

6. New System Scoping & Audit Readiness 

• Ensure that newly introduced in-scope software is evaluated for financial reporting impact on a timely basis. 

• Design and implement effective audit processes and control frameworks for new in-scope systems prior to reliance. 

• Perform independent review to confirm completeness of scoping and control coverage — ensuring nothing material is missed. 

7. SOC 1 / SOC 2 Report Review 

• Review SOC 1 and SOC 2 reports for all in-scope third-party systems and service providers. 

• Evaluate the relevance and operating effectiveness of service organization controls, assess Complementary User Entity Controls (CUECs), and document any exceptions or coverage gaps. 

8. Future-State Scoping & Audit Process Development 

• Proactively develop audit processes and control frameworks for other material software systems that may be brought into scope in the future. 

• Maintain a forward-looking view of the system landscape so that scope expansion can be absorbed without compromising audit timeliness or quality. 

Required Qualifications 

Suggested baseline — adjust to fit your requirements. 

• Bachelor’s degree in Accounting, Information Systems, Computer Science, or a related field. 

• 5+ years of experience in IT audit, IT compliance, or technology risk, with direct SOX/ICFR responsibility. 

• Demonstrated working knowledge of ITGCs across change management, access, and operations domains. 

• Experience interfacing directly with internal audit teams and external audit firms. 

• Working familiarity with enterprise ERP systems and the control considerations specific to them. 

• Strong documentation discipline and the ability to translate technical processes into clear control narratives. 

Preferred Qualifications 

• Professional certification such as CISA, CIA, CPA, or CISSP. 

• Experience reviewing SOC 1 / SOC 2 reports and assessing CUECs. 

• Public company experience and familiarity with PCAOB audit expectations. 

• Experience designing audit processes for newly in-scope systems from the ground up. 

 Salary Starting: $120,000

Location: SLC/Hybrid