Manager, Technology Risk and SOX

A Day in the Life:

We are seeking a Manager, Technology Risk to join our Business Transformation team. This hands-on role requires both technical and functional expertise, focusing on maturing an effective cloud-based IT environment. You’ll lead efforts in internal controls, system implementations, and audits, including SOX compliance, SOC 1/SOC 2 audits, and ISO 27001 assessments. Your work will directly support AppLovin’s goals and objectives in a fast-paced, high-growth public company.

This role is ideal for an experienced professional with strong knowledge of IT risks in SaaS, looking for a broad range of responsibilities in a dynamic environment.

The Impact You’ll Make:

• Lead and manage SOX compliance for IT and Technology, including planning, scoping, testing, and reporting on key controls.
• Lead and mentor a team of internal auditors, fostering a culture of continuous improvement, innovation, and professional growth.
• Identify, assess, and mitigate technology risks, particularly in cloud infrastructure, system integrations, and software development processes.
• Develop and implement Sarbanes-Oxley IT policies, procedures, and work standards in line with SEC requirements and PCAOB guidance.
• Build strong relationships with key stakeholders, including Engineering, IT, InfoSec, Legal, and Accounting, to gain a thorough understanding of their operations and identify risk mitigations and areas for improvement.
• Collaborate with IT control owners, Information Security, Infrastructure Engineering, and other stakeholders to ensure the quality, consistency, and scalability of controls that address operational, technical, and financial risks.
• Conduct risk assessments for technology systems to ensure early identification of risks and integration of controls into business processes.
• Oversee the evaluation and testing of IT general controls (ITGCs), application controls, and automated controls within cloud and technology systems.
• Communicate SOX findings and recommendations to senior leadership and control owners, while supporting external auditors in their assessments and addressing any identified deficiencies.
• Stay informed about industry best practices for IT and technology risk management, adapting these strategies to the company’s needs.
• Monitor emerging regulations and industry standards affecting IT controls, adjusting audit plans and strategies accordingly.
• Contribute to the continuous improvement of SOX and risk processes, including training and guiding team members, consultants, and stakeholders on compliance and risk management best practices.
• Support internal and external audits by providing insights into IT-related SOX risks and assisting with remediation efforts.

Who You Are:

• CISA, CISSP, CRISC, CISM CPA, or CIA certification.
• 6+ years of experience in SOX compliance, IT risk management, or technology audit roles, with a focus on technology risks and cloud-based environments.
• Experience in public accounting and understanding of SEC and PCAOB requirements
• Experience operating in high growth technology companies
• Proficiency in SOX, IT general controls (ITGCs), and internal control frameworks such as COSO, COBIT, and NIST.
• Proven ability to assess and mitigate risks within cloud platforms (AWS, Azure, GCP) and IT environments.
• Solid understanding of modern technology stacks, IT processes, and the software development lifecycle (SDLC).
• Strong communication skills, able to explain complex technology risks to both technical and non-technical stakeholders.
• Experience leading SOX projects, managing teams, and coordinating with external auditors.
• Critical thinking and problem-solving skills with the ability to assess IT processes and solve complex problems.
• Excellent interpersonal and organizational skills, with the ability to manage multiple projects and meet deadlines in a fast-paced environment.

Added Bonus:

• Experience in technology operations for software/SaaS companies.
• Familiarity with tools like GitHub, Jenkins, Jira, Okta, NetSuite, Workday, Salesforce, and Tipalti.
• Deep technical knowledge across IT areas including software development, IT infrastructure, cloud technology, network operations, and cybersecurity.

We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on March 12, 2024.

Please see the independent bias audit report covering our use of Covey here.