IT Internal Audit/SOX Manager

The IT Internal Audit/SOX Manager will play a key role in enhancing the effectiveness, efficiency, and scalability of Opendoor's IT Control Environment.  This leader will manage the Company’s end-to-end IT-SOX 404 assessments, and will also provide value-add advice and insights to support key Company initiatives in IT related areas such as cybersecurity, cloud governance, new systems, new partnerships or product initiatives, etc. The role requires skills and experience in cloud engineering and security infrastructure and related processes, risks and controls with proficiency in identifying operational, IT and security risks. The successful candidate will stay abreast of Company operations and the risk profile of the Company’s technologies and systems to ensure relevancy of the SOX approach and applies industry best practices and standards.  This position will report to and work closely with Opendoor’s head of the internal audit function.

• Lead the risk assessment of the Company’s IT system environment, identify and prioritize risks across different components of the IT environment, including system implementations and upgrades
• Plan and manage the end-to-end IT SOX assessments (IT General Controls, IT Application Controls and Key Reports)
• Lead the IT framework documentation, identify key controls and facilitate controls documentation updates for in-scope infrastructure, applications, operating systems, and databases.
• Identify IT control improvements or opportunities for automation, optimization, and process efficiencies 
• Lead control walkthroughs, develop test plans that address the risks identified, manage the design and operating effectiveness assessments 
• Evaluate control exceptions, recommend appropriate risk mitigation plans, provide support and obtain business owner acceptance and engagement for remediation actions
• Communicate effectively with IT and business owners and senior management to relay control findings and recommendations, track and help drive remediation efforts to closure, advise on control requirements in the design of new systems and processes, identify trends and insights, and continuously seek improvement opportunities
• Coordinate with external auditors on the annual SOX testing plan and ensure timely and smooth completion of SOX assessments
• Act as a trusted advisor, fostering strong relationships with business and technology partners, and external auditors.  Provide routine training and support to system owners to ensure their thorough understanding of the SOX program, IT risk and control requirements
• Manage outside consulting resources to complete  internal audit/SOX activities within budget and on schedule
• Stay up to date on technology trends and inform senior leadership of emerging trends and best practices in IT governance, risk, and compliance

• Strong experience managing the end-to-end IT SOX-internal audit program and driving/supporting enterprise-wide IT risk management initiatives
• Technical knowledge and risk assessment/audit skills in Cloud Security and Engineering infrastructure, and financial applications required
• Strong knowledge of the IT governance framework (COBIT) established by ISACA, COSO internal controls framework and PCAOB audit standards
• Team player focused on team cohesion and success; adept at building relationships across organizations; willingness and ability to lead projects as well as participate as member of project team
• Excellent communication, collaboration and presentation skills with the ability to engage with stakeholders across the organization, and effect change through collaboration, trust, credibility and influence
• Strong planning, project management and analytical skills; team player with the ability to evaluate issues, proactively problem-solve complex problems, identify, advocate for and execute improvements
• Detail-oriented and accustomed to project work with tight deadlines and working in a fast-paced environment
• BA/BS degree in Accounting, Information Systems, Computer Science, or related field

• One or more relevant professional certifications (CISA, CISSP, CISM, CRISC, CPA, CA, etc.)
• Relevant knowledge of policies/procedures related to PCI, SOC 1/2, GDPR, FedRAMP, ISO 9001, ISO 27001is beneficial

Remote roles in the US are available in all states EXCEPT Hawaii, Alaska, Montana, or any US Territories. 

The base salary range for this position in Colorado, Connecticut, Washington, and New Jersey is $132,000 - $203,500/yr, and in California and New York City is $132,000 - $203,500/yr. Base salary may vary depending on relevant experience, skills, geographic location, and business needs. We offer a comprehensive package of benefits including paid time off, 12 paid holidays per year, medical/dental/vision insurance, basic life insurance, and 401(k) to eligible employees.

#LI-Remote
#LI-CT1