Lead, IT Audit and Technology Risk

Remote $185k–$220k lead 4 days ago full-time quality 8.7/10

Role in brief

Notion is looking for a Lead, IT Audit and Technology Risk to manage IT SOX compliance and conduct operational IT audits. This role involves overseeing technology controls and cybersecurity within a SaaS environment, with a focus on automation and risk assessment. Candidates with extensive IT audit experience in high-growth tech companies, particularly with cloud-based stacks, should apply.

IT auditIT SOXtechnology riskcloud securitycybersecuritySaaSAWSGCPAzureDevOpsCI/CD

About the role

This role involves leading the entire IT SOX lifecycle, from scoping and risk assessment to documentation, testing, and remediation. A key responsibility is to drive efficiency and automation for IT general controls and application controls. The position also requires continuous improvement of technology controls related to user access, change management, and CI/CD pipelines.

The Lead will design and execute operational IT and cybersecurity audits across various domains, including cloud infrastructure, security operations, and data protection. A critical aspect is to conduct enterprise-level technology risk assessments to proactively identify emerging risks. This role also acts as a strategic advisor for cross-functional initiatives and the primary contact for external auditors.

Success in this position means owning IT control deficiencies from identification through sustained remediation, fostering a culture of accountability among system owners. The role also emphasizes championing the adoption of AI and modern tools to enhance the IT audit function, making it more efficient and forward-looking through automated testing, continuous monitoring, and AI-assisted documentation.

The estimated base salary range for this role, when based in San Francisco, is $185,000 to $220,000 per year.

Skills that matter here

  • IT audit: This role requires leading the full lifecycle of IT audits, including planning, scoping, fieldwork, and reporting.
  • IT SOX: The position involves hands-on ownership of IT SOX programs, ensuring compliance with relevant standards and frameworks.
  • technology risk: A core responsibility is to conduct enterprise-level technology risk assessments and advise on risk mitigation strategies.
  • cloud security: The role involves auditing cloud infrastructure and security configurations, requiring strong technical knowledge in this area.
  • AWS: Experience with modern cloud platforms like AWS is essential for auditing cloud-based technology stacks.
  • DevOps: The role includes designing and improving controls related to DevOps and CI/CD pipelines.

Who this role suits

  • A person who thrives on owning end-to-end processes and driving automation in compliance functions.
  • Someone with a strong background in both Big 4 accounting firms and high-growth technology companies.
  • An individual who can translate complex technical and audit topics into clear language for various stakeholders.
  • A leader who actively seeks to adopt new technologies like AI to improve audit processes.

From the employer

What You'll Achieve:

  • Own the full IT SOX lifecycle — scoping, risk assessment, documentation, walkthroughs, testing, deficiency evaluation, remediation, and reporting — driving automation and efficiency across IT general controls (ITGCs) and IT application controls (ITACs)
  • Design, operate, and continuously improve technology controls spanning user access and segregation of duties, change management, SDLC and CI/CD pipelines, interfaces, data flows, and system-generated reports
  • Design and execute value-added operational IT and cybersecurity audits — across cloud infrastructure, security operations, identity and access management, data protection and privacy, disaster recovery and resilience, and vendor and third-party risk — while driving enterprise-level technology risk assessment that anticipates emerging risks before they materialize
  • Serve as a strategic advisor on cross-functional initiatives (product launches, new systems, architecture changes, M&A) and as the primary point of contact for external auditors, ensuring sound controls are built in from day one and audit evidence is complete, clear, and timely
  • Own IT control deficiencies from identification through sustained remediation while partnering with and educating system owners to build a culture of ownership and accountability
  • Champion the adoption of AI and modern tooling — from automated control testing and anomaly detection to continuous monitoring and AI-assisted documentation — to make the IT audit function smarter, faster, and more forward-looking

Skills You'll Need to Bring:

  • 12+ years of progressive IT audit, IT SOX, or technology risk experience, with a combination of Big 4 and high-growth technology company experience
  • Deep, hands-on ownership of IT SOX/ITGC programs, with a strong understanding of PCAOB standards, SEC requirements, and frameworks such as COSO, COBIT, NIST, and ITIL
  • Demonstrated experience designing and leading operational IT audits end to end — including annual planning, risk-based scoping, fieldwork, and reporting — across areas such as IT operations, infrastructure resilience, disaster recovery and business continuity, capacity and availability management, and IT vendor and third-party risk
  • Strong cybersecurity audit experience with working fluency in frameworks and regulations such as NIST CSF, ISO 27001, SOC 2, GDPR, and CCPA, and the ability to translate them into practical, testable controls
  • Software or SaaS industry experience is a must — particularly modern cloud-based technology stacks (AWS, GCP, Azure), software development lifecycles, and complex data flows — paired with strong technical knowledge across cloud security configurations, identity and access management, change management, DevOps and CI/CD pipelines, and enterprise IT operations risks and controls
  • Process leadership — a track record of building functions, designing new processes and policies, and driving continuous improvement
  • Bachelor's degree in Information Systems, Computer Science, Accounting, or a related field; CISA, CISSP, CISM, CIA, CPA, or equivalent certification required
  • Strong stakeholder management and communication skills, with the ability to translate complex technical and audit topics into clear language and influence partners across all levels of the organization

What the Company Offers:

  • Notion is committed to providing highly competitive cash compensation, equity, and benefits.
  • The compensation offered for this role will be based on multiple factors such as location, the role’s scope and complexity, and the candidate’s experience and expertise, and may vary from the range provided below.
  • For roles based in San Francisco, the estimated base salary range for this role is $185,000 - $220,000 per year.

Questions about this role

What is the remote work policy for this role?

This is a fully remote position.

What level of experience is required for this position?

Candidates should have 12+ years of progressive experience in IT audit, IT SOX, or technology risk, and the role is at a lead seniority level.

What are the key technical skills needed for this role?

Key technical skills include IT audit, IT SOX, technology risk, cloud security, cybersecurity, SaaS, AWS, GCP, Azure, DevOps, and CI/CD.

Similar jobs

Before you apply

  • Legitimate employers never ask you to pay anything to apply or get hired.
  • Never share seed phrases or private keys. No real job needs them.
  • Do not install software ("test tasks", "trading tools", "video call clients") sent during hiring.
  • Check that the application page's domain really belongs to Notion.