Lead, IT Audit and Technology Risk
$185k - $220kNotion
Who We Are Notion is the collaborative AI workspace where teams and agents think together. We're building one place where your knowledge, projects, meetings, and AI tools live side by side, so work is faster, clearer, and less fragmented. Millions of individuals, small teams, and large companies run their work on Notion. Notinos (our employees) are customer zero in bringing this future of work to life. We care about craft, building things that last, and the belief that great work is still fundamentally human. Our goal isn’t to ship the next feature. Each and every team of Notinos is working to set the standard for how humans work together in the AI era. From building a business’s system of record to making and managing AI agents to automating away the busy work, we care deeply about giving our customers more time for their life’s work. About the Role: We are seeking a strategic and technically fluent Lead, IT Audit to join our Finance team reporting to the Head of Internal Audit. This is a broad, high-impact role spanning both IT SOX compliance and operational IT audits. You will help establish and elevate our technology controls program end to end — owning the IT SOX lifecycle, designing the IT general and application controls framework, embedding AI and automation into how we test and monitor controls, and delivering value-added operational IT and cybersecurity audits that strengthen how the company builds and runs its systems. You will partner with leaders across Engineering, Security, IT, Finance, and the business to ensure sound technology controls are built into how the company operates as we scale. This role is ideal for someone who thinks like a builder, not just an auditor — someone who can translate complex control and security requirements into practical, scalable processes in a fast-moving SaaS environment with modern cloud architecture and complex data flows. This role can be based in either San Francisco or New York City. We work from our offices on Mondays, Tuesdays and Thursdays (our Anchor Days) because we do our best thinking and building together in person. We’re looking for someone who’s excited to work alongside the team during those days. What You'll Achieve: Own the full IT SOX lifecycle — scoping, risk assessment, documentation, walkthroughs, testing, deficiency evaluation, remediation, and reporting — driving automation and efficiency across IT general controls (ITGCs) and IT application controls (ITACs) Design, operate, and continuously improve technology controls spanning user access and segregation of duties, change management, SDLC and CI/CD pipelines, interfaces, data flows, and system-generated reports Design and execute value-added operational IT and cybersecurity audits — across cloud infrastructure, security operations, identity and access management, data protection and privacy, disaster recovery and resilience, and vendor and third-party risk — while driving enterprise-level technology risk assessment that anticipates emerging risks before they materialize Serve as a strategic advisor on cross-functional initiatives (product launches, new systems, architecture changes, M&A) and as the primary point of contact for external auditors, ensuring sound controls are built in from day one and audit evidence is complete, clear, and timely Own IT control deficiencies from identification through sustained remediation while partnering with and educating system owners to build a culture of ownership and accountability Champion the adoption of AI and modern tooling — from automated control testing and anomaly detection to continuous monitoring and AI-assisted documentation — to make the IT audit function smarter, faster, and more forward-looking Skills You'll Need to Bring: 12+ years of progressive IT audit, IT SOX, or technology risk experience, with a combination of Big 4 and high-growth technology company experience Deep, hands-on ownership of IT SOX/ITGC programs, with a strong understanding of PCAOB standards, SEC requirements, and frameworks such as COSO, COBIT, NIST, and ITIL Demonstrated experience designing and leading operational IT audits end to end — including annual planning, risk-based scoping, fieldwork, and reporting — across areas such as IT operations, infrastructure resilience, disaster recovery and business continuity, capacity and availability management, and IT vendor and third-party risk Strong cybersecurity audit experience with working fluency in frameworks and regulations such as NIST CSF, ISO 27001, SOC 2, GDPR, and CCPA, and the ability to translate them into practical, testable controls Software or SaaS industry experience is a must — particularly modern cloud-based technology stacks (AWS, GCP, Azure), software development lifecycles, and complex data flows — paired with strong technical knowledge across cloud security configurations, identity and access management, change management, DevOps and CI/CD pipelines, and enterprise IT operations risks and controls Process leadership — a track record of building functions, designing new processes and policies, and driving continuous improvement Bachelor's degree in Information Systems, Computer Science, Accounting, or a related field; CISA, CISSP, CISM, CIA, CPA, or equivalent certification required Strong stakeholder management and communication skills, with the ability to translate complex technical and audit topics into clear language and influence partners across all levels of the organization Notion is committed to providing highly competitive cash compensation, equity, and benefits. The compensation offered for this role will be based on multiple factors such as location, the role’s scope and complexity, and the candidate’s experience and expertise, and may vary from the range provided below. For roles based in San Francisco, the estimated base salary range for this role is $185,000 - $220,000 per year. By clicking “Submit Application”, I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy. #LI-Onsite A Note on AI You don’t need deep AI expertise for every role, but we do expect every Notino to be intellectually curious, drawn to tinkering and discovery, and excited to use AI as a real collaborator in their work. For some roles, AI fluency is a core requirement — when that’s the case, we'll say so explicitly in the qualifications. People who thrive here don’t treat AI as a novelty. They use it to think better, and make their work easier for others to build on. Equal Opportunity & Accommodations We hire talented people from a wide range of backgrounds. If you’re excited about this role but don’t meet every bullet, we still encourage you to apply. Notion is an equal opportunity employer and does not discriminate on the basis of any legally protected characteristic. Consistent with applicable law, we will consider for employment qualified applicants with arrest and conviction records. Notion provides reasonable accommodations during the application process; if you need one, please let your recruiter know. Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please let your recruiter know.
- PwC South Africa is seeking an IT Audit/Controls Manager in San Francisco to deliver internal audit services. You will guide teams, manage client expectations, and utilize innovative technologies to optimize audit processes. The role emphasizes strategic planning, mentoring...Risk
$170k - $220k
...Distyl is an applied AI technology company partnering with... .... Distyl is backed by leading investors including Lightspeed... ...Looking For As Head of IT, you will build and... ...Operations Security & Risk Management Establish... ...diligence requests, audits, and enterprise compliance...RiskWork at officeRemote work$249.6k - $312k
DoorDash is seeking a Senior Director, IT Internal Audit to shape and lead their global IT audit function. This role focuses on defining IT audit strategies, managing technology risks, and overseeing audits related to cybersecurity and AI governance. Ideal candidates will...Risk$124k - $280k
SwiftCruit, located in San Francisco, California, is seeking a Senior Manager in IT Audit/Controls to lead large projects and improve internal audit processes. This role focuses on ensuring regulatory compliance and enhancing the reliability of financial statements. Candidates...Risk$99k - $232k
PowerToFly is seeking a Manager for their Internal Audit Generalist team in San Francisco, CA. This role focuses on delivering high-quality... ...'s Degree, 5 years of relevant experience, and proficiency in risk assessment and controls testing. The position offers a salary...Risk$142.6k - $261.5k
...change. And with change comes risk. As a Risk Technology professional, you will be... ...controls monitoring, and IT risk management. You will belong... .... Since EY is a global leading service provider in this... ...Foundational understanding of auditing and assessing Oracle...RiskWork experience placementSummer holidayFlexible hours$150k - $205k
...San Francisco seeks an Assurance Senior Manager for Technology Risk Assurance. In this role, you will lead audit teams, ensuring adherence to established standards... ...ideal candidate has over eight years of experience in IT audit and relevant certifications like CPA or CISA....Risk- A technology leader in real estate solutions is seeking a Technology Risk and Controls Manager to improve risk management across its cloud-native products. The applicant... ...5 to 8 years of experience in technology audit or IT risk management. Responsibilities include assessing...Risk
$99k - $297k
Digital Assurance & Transparency - IT Audit Manager Financial Services Save... ...to understand the systems and technologies our clients use and how they can mitigate risk. As a Digital Assurance and Transparency... .... Responsibilities Lead teams and manage client accounts...RiskH1b- ...legacy systems with AI-native technology that automates 90% of the manual... ...founded by a team of Banking IT experts and AI researchers... ...What you'll do As an Engagement Lead, you will translate ambitious... ...outcomes, expansion strategy, and risk management. You'll own the...Risk
$130k - $180k
...history, you farmed or you starved. Technology gave people more time for the... ...equipment category, with lead-time and capacity thresholds tied... ...flow. Anticipate inventory risks, both depletion and overstock,... ...and built the systems behind it, not just executed counts....RiskLocal area$2,000 per month
...Column For companies building financial technology and transforming the financial services... ...Partner with Solutions Engineering, Legal, Risk, and Compliance to structure solutions... ...you're building pipeline, not waiting for it. Team & Playbook Building Contribute...RiskWork at officeRemote workFlexible hours$150k - $205k
Job Summary The Assurance Senior Manager, Technology Risk Assurance is responsible for acting as an IT audit technical resource to clients and internal stakeholders... ...process. In this role, the Assurance Senior Manager leads teams in planning and performing IT risk and...RiskWork at office$102k - $162.89k
Baker Tilly Advisory Group, LP in San Francisco is seeking an IT Audit, Cybersecurity & Risk Experienced Consultant. This role involves collaborating with clients to identify and mitigate IT risks, providing strategic advice, and conducting audits. The ideal candidate...Risk$198k - $250k
About The Role The Technology Risk Manager is a senior individual contributor... ..., infrastructure, and IT. You’ll act as the primary owner... ...experience in technology risk, IT audit, cybersecurity, or... ...track record as a senior IC leading complex, cross‑functional risk...RiskWork at officeLocal areaRemote workWorldwide3 days per week- ...Jira Lead Admin Employment Type: Full‑Time, Mid Level Department: Information Technology CGS is seeking a talented Jira Lead Administrator who... ...transformation in the federal IT domain to join our growing... ...Security Clearance (moderate risk public trust) Atlassian certified...RiskFull timeFlexible hours
$77k - $202k
PwC is seeking an IT Audit/Controls - Senior Associate in San Francisco, California. In this role, you'll conduct audits... ...compliance, and work with clients to address various risks while leveraging AI technologies. The ideal candidate holds a Bachelor’s degree, with at...Risk$77k - $202k
PwC South Africa, located in San Francisco, is seeking a Senior Associate for their IT Audit/Controls team. This individual will conduct comprehensive audits, evaluate compliance, and utilize cutting-edge tools to deliver internal audit services across various industries...Risk$102.5k - $209.4k
...core part of our DNA across our audit, tax, and consulting groups.... ...as AI-enabled insights and technology-powered solutions, to enhance... ...seeking a SALT Manager to join our Lead Tax Services group. In this... ...their goals with tax, advisory, risk and performance services....RiskFull timeWork at officeLocal areaRemote workWorldwide$77k - $202k
...Associate in San Francisco. This role involves providing enterprise risk and controls solutions, conducting risk assessments, mentoring... ...Degree in relevant fields and 2 years of experience. Knowledge of IT controls and proficiency in Oracle or SAP is preferred. A...Risk$160k - $250k
...history, you farmed or you starved. Technology gave people more time for the... ...! About The Role As Cost Lead, you will own cost management... ...contingency tracking and cost risk registers across project phases... ...), emergency power, and IT fit‑out Understands how design...RiskContract workFor subcontractorLocal area$190k - $210k
...owners use to run their business. It powers everything from the... ...these same problems. Huge technology corporations are taking their... ...function has already built churn risk signals, CSM engagement scoring... ...using a data-backed approach, and leading the follow-through. As a Lead...RiskWork at officeLocal areaRemote work$85k
...tools owners use to run their business. It powers everything from the restaurant's... ...struggling with these same problems. Huge technology corporations are taking their customers,... ...We are hiring an IT Asset Management Lead to own this end-to-end. You will be the single...Work at officeLocal areaRemote work$77k - $202k
...Requirements: Up to 60% The Opportunity As an IT Audit/Controls - Senior Associate, you will... ...across various industries. Within our Risk Consulting practice, you will focus on... ...audit functions using AI and other risk technologies. As a Senior Associate, you will build...RiskFull time$77k - $202k
Job Description & Summary As an IT Audit/Controls - Senior Associate, you will play a pivotal... ...across various industries. Within our Risk Consulting practice, you will focus on... ...audit functions using AI and other risk technologies. As a Senior Associate, you will build meaningful...RiskFull time$77k - $202k
...to 60% At PwC, our people in audit and assurance focus on providing... ...assessing governance and risk management processes and related... ...services, using AI and other risk technology and delivery models. IA... ...and controls testing Address IT management and cyber-related risks...RiskFull timeH1b- ...to return time. As the leading AI Time platform for professional... ...machine learning technology automates work time... ...and data—and help build it from the ground up.... ...transparency, explainability, risk boundaries). Privacy,... ...and Compliance on audits, certifications, and trust...RiskRelocation package
$144.9k - $265.8k
...world. The opportunity EY’s Digital Risk practice is supporting leading Technology, Media & Telecommunications (TMT)... ...and implementation of scalable, audit-ready risk and compliance frameworks... ...with stakeholders (e.g., finance, IT, engineering) to deliver clear, actionable...RiskSummer holidayFlexible hours- ...Corporate Security Engineer, Lead at Sierra, you will... ...capability within IT — establishing the operating... .... Own the centralized risk register and drive... ...integration landscape by auditing and governing OAuth applications... .... We are the best technology company for parents. We...RiskFull timeFlexible hours
$230k - $260k
...About GoodLeap GoodLeap is a technology company delivering best-in-class financing... ...looking for a Director of Product to lead the fraud and risk function for our consumer products. This... ...meet regulatory requirements and are audit‑ready. Communicate risks, trends, and...Risk
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Lead, IT Audit and Technology Risk. Be the first to apply!
- risk assurance San Francisco, CA
- geopolitical risk San Francisco, CA
- risk underwriter San Francisco, CA
- technology risk San Francisco, CA
- IT software development manager San Francisco, CA
- entry level IT tech San Francisco, CA
- senior information technology consultant San Francisco, CA
- IT training San Francisco, CA
- IT trainee San Francisco, CA
- IT lead San Francisco, CA


