As the Senior Manager/Manager - Information Technology (IT) & Data Analytics on our Internal Audit & Enterprise Risk Management team, you will be focused on IT audits of cloud-based and custom developed systems, SOX 404 testing, as well as Enterprise Risk Management (ERM) and Fraud Risk Assessment (FRA) activities. This role helps the company to accomplish its objectives and improve IT operations through an independent and objective assurance and advisory approach designed to add value. You will report to the Internal Audit Lead (Group Manager-Chief Audit Executive/Head of Audit) and oversee the work of a Senior IT Auditor as well as co-source resources depending on the project, and you will work with various business & IT partners across the company. Specifically, this role is responsible for planning and leading IT audits in all areas of IT, Information Security and Privacy, managing and reviewing fieldwork for quality, and preparing audit findings for reporting to senior management. The IT Audit & Data Analytics works closely with the Business Process audit team, and the entire IA team will utilize data analytics/visualizations and automation technologies (Robotic Process Automation/RPA, Generative AI, etc.). The IT Audit & Data Analytics team will serve as a “center of excellence” for data analytics, visualization, and adoption of emerging technologies.The ideal candidate is an ex-Big 4, highly motivated self-starter with prior experience in IT Internal Audits, Data Analytics & Visualization, Enterprise Risk Management, and SOX in the Fintech or Software industry who has superior written and oral communication skills, takes pride in the accuracy and timeliness of their work and is used to working as part of a remote team and collaborating with business partners in offshore locations such as India and Mexico.

How you'll contribute:

• Lead planning and conducting IT internal audit projects in accordance with the Institute of Internal Auditors (IIA) professional practice standards
• Lead administrative coordination/project management of SOX 404 ITGC testing, annual IA IT audit plan and Enterprise Risk Assessment, develop timelines and budgets
• Lead the identification and assessment of IT risks
• Contribute to ongoing development of the ERM, Fraud Risk Management programs
• Perform interviews with stakeholders
• Schedule meetings, request documents from business partners as neede
• Obtain, analyze and evaluate existing documentation, previous reports, data, flowcharts
• Develop process flowcharts and data flow diagrams
• Evaluate internal controls design and operating effectiveness
• Evaluate compliance with policies and procedures
• Ensure work is performed within budget and manage projects based on timeline
• Develop audit test procedures when needed
• Review Test of Design (TOD) and Test of Effectiveness (TOE) work
• Perform and incorporate data analysis and visualizations in audit planning, workpaper support, final reports
• Review workpapers for work performed and conclusions reached; to ensure they are Prepare clear, concise, accurate, logical, and detailed
• Explain complex, technical and/or sensitive information in a straightforward manner
• Provide meaningful recommendations to improve policies/ procedures/ systems/ processes and address root causes of ineffective or inefficient controls
• Work with business partners to address control gaps and monitor action plans
• Exercise judgment and discretion related to conducting audit work
• Participate in special projects as assigned by Internal Audit management
• Promote an ethical and risk-aware culture at the company
• Maintain knowledge of the business of Blend Platform and Title365, including the underlying technologies
• Maintain knowledge of generally accepted auditing and accounting standards and maintain professional certifications (e.g., CIA, CISA, CISSP)
• Serve as a back-up for system administration activities in the SOXHub application (user provisioning, de-provisioning, workstream tasks, issues management, controls audits) and participate in vendor webcasts and meetings such as “health checks” to facilitate Blend adopting all available functionality

Who you are:

• Bachelor's Degree in a business or technology discipline
• Big 4 (Deloitte, EY, KPMG, PwC) Advisory or Assurance background
• Strong understanding of business & IT operations processes for a software company
• Strong understanding of Software as a Service (SAAS)/Platform as a Service (PAAS)
• Strong business judgment that enables issue identification and appropriate escalation
• Strong critical thinking, analytical and investigative skills
• Strong project and time management skills
• Strong coaching/mentoring skills to develop senior auditor(s)
• Ability to effectively juggle multiple projects and keep Head of Audit informed
• Ability to think independently, take ownership, and drive initiatives to resolution
• Ability to provide meaningful recommendations to improve policies, procedures, systems, processes; as well as to address root causes of ineffective/inefficient controls
• Ability to explain complex and/or sensitive information in a straightforward manner
• Ability to manage stakeholders in a service oriented, problem-solving, practical mindset
• Strong rapport and relationship building skills to collaborate and positively influence partnerships across the company
• Proactive and self-initiating work style
• Integrity, openness, and transparency
• Intellectual curiosity
• Critical thinker, ability to identify root cause of issues

Required Skills:

• Minimum of 5 years experience in IT audit, including Data Analytics
• Experience as a Manager/Senior Manager of IT Audit
• Experience working as part of a remote team
• Work collaboratively with partners to address control gaps, monitor action plans
• Prior experience managing SOX 404 ITGC and IT audit testing according to defined budgets and timelines, including administrative tasks such as meeting coordination/scheduling and requesting documents
• Prior experience leading the adoption of data analysis / data analytics (including the use of SQL-based tools) & AI tools and techniques in audit planning, testing, workpaper support and final reports
• Prior experience leading IPE (Information Provided by Entity) and testing the completeness and accuracy of key reports and spreadsheets
• Prior experience leading control owners in completing SOC (Service Organization Control) Report reviews for SOC1, including controls mapping and mapping of Complementary End User Computing Controls
• Experience leveraging Robotic Process Automation (RPA) and AI technology
• Experience with Visio, SOXHub, NetSuite, Workday HCM, Salesforce, Slack, GSuite
• Experience with auditing cloud-based, open-source systems & tools
• Experience with auditing Agile IT
• Experience with SOC, ISO, PCI frameworks
• Excellent written English communication skills: clear, concise, professional

Certification(s):

• Required: Certified Information Systems Auditor (CISA)
• Optional: Certified Fraud Examiner (CFE), Certificate in Risk Management Assurance (CRMA), Project Management Professional (PMP), Certified Information Systems Security Professional (CISSP)