Senior Manager, IT SOX & Internal Audit

At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers. When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the mic and iterating until the best solution comes to light. You won’t have to look to find growth opportunities—ready or not, they’ll find you. From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business. Join over 5,000 people across the globe who think that’s work worth doing. Senior Manager, IT SOX & Internal Audit Why We Have This Role At Qualtrics, we build technology that closes experience gaps — and our Internal Audit team plays a direct role in making sure we do it with integrity at scale. This isn’t a “check-the-box” audit role. This is a chance to architect and own our entire IT SOX and technology assurance program, influence how IT, engineering and security teams think about risk, controls and compliance, and operate across levels and functions of the organization. You’ll report directly to the Chief Audit Executive and carry high visibility across the enterprise – Finance, Operations, IT, Security. You’ll be the internal authority on IT SOX and operational risks, controls and compliance — the person leaders call for meaningful insights and assurance. How You’ll Find Success This role operates at the intersection of strategic thought leadership, consistent execution and tech-forward innovation. We’re looking for a self-starter, “roll up your sleeves” leader with a lived understanding of customer-focused mindset. Success in this role isn't defined by power-points/spreadsheets, control test completion rates or a tally of audit projects — it's defined by your impact to the organization’s process risk, controls and compliance intelligence and capabilities. You show up in the following ways everyday: * Player-Coach Mindset: As an IC, you roll up your sleeves while architecting and carrying the strategic IT SOX and Audit vision – no directing from a distance. You show up with a point of view on current risks/capabilities and industry trends. You influence without authority. * Executive Presence and Partner-Mindset: You walk into a room with a C-level leader and make complex process and risk clear, urgent, and actionable. No jargon, no hedging. You build relationships across the enterprise that position Internal Audit as a strategic partner rather than a compliance function. * Impactful Prioritization: Speed and quality are both non-negotiable. You know which battles to fight first, which has the biggest immediate impact, and prioritize ruthlessly * Tech-forward Innovation: You have a strong curiosity toward technology and opportunities for innovation. You drive innovative change, actively identifying, building and deploying process automations or AI-enabled capabilities — continuous monitoring, automated testing, scaled compliance. Familiarity is a baseline; innovative outcomes is the bar. * Analytical Rigor: You purposefully connect dots across disparate systems, think in risk frameworks, and support recommendations with data and actions. How You’ll Grow * You’ll have first hand opportunities to define and direct the SOX, technology assurance, and business advisory practices. * Partnering with cross-functional leaders, you’ll play an integral role in the Company’s maturity journey, solving complex challenges across M&A activities, process and technology transformation, and AI and product innovation. Opportunities are plenty, you just need to go get them. * Building impactful and long-term partnerships is how we’ll achieve our goals. Things You’ll Do

• IT SOX Leadership & Execution
• Own the end-to-end IT SOX program — from strategy to testing and

documentation, through remediation and Audit Committee-level reporting. This is the core of the role [today]. * Manage and evolve the annual IT SOX compliance strategy, scoping methodology, and risk assessment framework — bringing genuine thought leadership, not just inherited templates * Design and execute all phases of IT SOX audit activity: walkthroughs, design and operating effectiveness testing and documentation, status tracking, issue reporting, and remediation validation

• Support regular executive and Audit Committee-level reporting
• Support and continuously look for opportunities to improve and optimize use

of Internal Audit team tools, including Audit-board/Optro and Claude * Support IT SOX program and resource management activities, including co-source partner resources, while maintaining quality and driving consistency across the program * In partnership with the Business Process/Finance SOX lead, manage the full SOX documentation library — narratives, flowcharts, risk and control matrices (RCMs), and management certifications — and keep it audit-ready at all times * Drive deficiency management conversations with control owners, advocating for automation-first and scalable remediation over manual, siloed patches * Own the relationship with external IT auditors, ensuring all testing methodologies and documentation meet PCAOB standards and align with external auditor expectations to maximize the reliance strategy * Proactively solve challenges related to process design and training activities for the development and implementation of IT-related internal controls and SOX related topics at a global, enterprise level * Build and sustain trusted relationships with internal (IT, engineering, finance, legal, security) and external (co-source team and external audit) stakeholders — positioning audit as a strategic partner and enabler, not a hurdle * Train and up-skill the internal audit team, partners and stakeholder on IT and security trends, best practices, risks, and controls

• Operational / Technology Advisory & Assurance Engagements
• Beyond SOX, you’ll help build a broader technology-focused advisory and

assurance capability within Internal Audit — one that’s proactive, risk-intelligent, data-driven and surfaces impactful insights to our enterprise partners. * Provide thought leadership and support the strategic design, development, and ongoing management of a technology and security-focused advisory and assurance program, rooted in sound frameworks and proven best practices * Partner with Internal Audit leadership and key stakeholders to develop and maintain a relevant audit universe, aligned to enterprise risk priorities such as cybersecurity, cloud, resilience, data governance, AI and emerging technologies * Design and execute all phases of assurance and advisory projects including planning, scoping, execution, documentation, issue management, reporting * Establish and maintain program governance, including tracking and reporting audit plan status, KPIs/metrics, and risk coverage * Monitor audit execution for timeliness, consistency, quality, and adherence to established methodologies and standards through the use of standardized tools, templates, and frameworks * Support the development of Audit Committee and executive‑level reporting, including audit plan progress, learnings and insights/opportunities, and emerging risk themes * Partner with the stakeholder/adjacent groups (e.g., GRC, IT, engineering, legal) that operate enterprise governance and compliance programs (e.g., SOC, Hitrust, FedRAMP, HIPAA, privacy) to identify opportunities for connected risk management and assurance activities * Collaborate with IT, product and engineering teams to educate and embed a “compliance and risk mitigation by design” mindset into how we build and ship products internally and externally * Continuously look for process efficiency and unwanted risk mitigation opportunities, leveraging deep data analytics skills to surface insights that go beyond financial reporting or surface-level symptoms

• AI Innovation & Future-Forward Auditing
• You’ll play an integral role in designing and developing the next

generation of internal audit advisory and assurance capabilities through automation and artificial intelligence. * Design, build and promote AI and other automation tools/capabilities within Internal Audit and across stakeholder functions, turning SOX and audit learnings and insights into operationalized innovative capabilities — e.g., building continuous monitoring capabilities, automating routine SOX compliance and audit activities, or automating manual operational controls * Stay ahead of emerging technology risks: GenAI governance, process automation risks, evolving regulatory requirements, AI in SOX compliance * Lead the transformation of Internal Audit's capabilities and service offerings by advancing the integration of AI and automation into core audit activities

• Executive Stakeholder Management
• High-visibility communication is a core part of this role. You’ll translate

technical complexity into business relevance for leaders who need to act on it. * Prepare and deliver clear, high-impact findings/insights and strategic opportunities to senior leadership, support preparation of Audit Committee-level reporting * Serve as the primary IT Internal Audit liaison to co-source partners and external auditors — driving alignment on strategy, methodology, audit coverage, timelines and program status * Build durable partnerships across Finance, Engineering, Legal, Privacy, and Security — contributing to Internal Audit’s role as a strategic business partner * Build and maintain a network of strong partnerships to build common ground for cooperation with key decision makers What We’re Looking For On Your Resume Required: * Bachelor’s degree in Accounting, Management Information Systems (MIS), Computer Science, or a related field * 8+ years of progressive experience in IT SOX compliance, IT Internal Audit, or Risk Advisory in Big 4 (or similar) or in-house internal audit function * Proven experience designing, implementing, and managing IT SOX compliance and assurance programs, with deep, hands-on expertise in COSO, SOX 404, and PCAOB audit standards — you’ve lived this, not just studied it * Experience auditing cloud-native, SaaS environments and automated business applications and ERPs (e.g., NetSuite, Salesforce, Workday) * Track record of implementing or optimizing AI/automated compliance and audit capabilities/tools * Proven ability to inform and influence at the executive level - influence without authority * Experience working in GRC tools (like Auditboard/Optro), or building home-grown solutions

• Technical Knowledge
• Mastery of IT general controls (ITGCs), IT application controls, and key

reports/interfaces in a SaaS environment * Fluency in key frameworks like COSO, COBIT, NIST CSF, ISO 27001/42001, SOC

1/SOC 2

* Hands-on experience auditing - and strong understanding of - technology and cybersecurity risk domains, including cloud environments, application architecture, SDLC, CI/CD, data governance, IAM, and operational resilience * Demonstrated proficiency using AI tools (e.g., Claude or equivalent) to accelerate audit workflows and improve manual operations — including project management, evidence analysis, control testing, and documentation — while maintaining professional skepticism and exercising sound judgment on when AI assistance is and is not appropriate * High proficiency with audit tools and engineering platforms like AuditBoard/Optro, Jira, ServiceNow, GitHub, GitLab, and CI/CD platforms * Certifications (one of the following)

* CISA

* CIA

* CISSP

Preferred: * Blend of both Big 4 (or similar) and in-house internal audit/SOX leadership roles * Experience working in a pre-IPO and/or newly public, high-growth, consumption/usage-based SaaS technology company environment * Certifications (additional credentials that signal breadth and depth)

* CPA

* CISM

* CRISC

* CGEIT

Forward-looking — a strong differentiator for AI-era candidates: * ISACA AAIA (Advanced in AI Audit) — signals active investment in AI governance and audit innovation What You Should Know About This Team * We're a growing, high-impact team that prioritizes pragmatic outcomes, operational excellence and strong partnerships. Quality, agility, curiosity and accountability are core to our organizational DNA. * We’re advisors and partners who happen to operate in the audit and assurance discipline. Control owners and business partners are customers of the audit function, not subjects of it. We leverage the Internal Audit Charter as a guiding tool, not a badge of authority. * We take independence seriously without letting it make us insular. We earn trust before deploying skepticism, and seek to understand before drafting conclusions. * We challenge the status quo and outdated processes, offering effective and scalable recommendations. We measure our success not by findings or completed projects, but by whether the business is more risk-intelligent and effective because of our work. * We're pragmatic by design. We balance methodological rigor with a bias toward action — we commit and move. * We thrive in ambiguity and are driven to leave things better than we found them. We invest in technology and innovation, and strive to build the best audit work of tomorrow. * If you prefer to wait for direction, this is not the right environment. But if you see an issue or an opportunity for improvement and immediately start working toward a scalable solution, welcome home. Our Team’s Favorite Perks and Benefits * Team cohesion is deeply important to us - we have frequent office events and regular team activities * Qualtrics Experience Program - $1,800 for an experience of your choosing (eligible after a year) * We take pride in our office design aimed at fostering creativity, in an open and collaborative workspace * 30 paid days off - 15 Vacation Days + 5 Personal Days + 10 Holiday Closures (additional after a year) * On top of standard benefits package (medical employees and their families, dental, vision, life insurance, etc), we provide free lunches every work day, snacks, and drinks The Qualtrics Hybrid Work Model: Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader. These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation. For the rest of the week, work where you want, owning the integration of work and life. #hybrid Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic. Applica