Logo for Kraken

SOX Auditor - IT Controls Manager

Role overview

Qualifications

  • 8+ years of experience in IT audit, internal audit, external audit, or SOX compliance
  • CISA and CPA certifications required
  • Strong knowledge of ITGC frameworks, SOX compliance requirements, COSO, COBIT, and PCAOB auditing standards
  • Effective communicator who can translate technical IT audit findings

Responsibilities

  • Lead the execution of independent testing of IT General Controls (ITGCs) across key control domains
  • Document testing procedures and results to meet Internal Audit and external auditor quality standards
  • Independently validate the remediation of open SOX findings
  • Serve as a trusted Internal Audit point of contact for IT control owners

About the company

Kraken logo

Kraken

Fintech: Finance + Technology

As one of the largest and most trusted digital asset platforms globally, we are empowering people to experience the life-changing potential of crypto. Trusted by over 8 million consumer and pro traders, institutions, and authorities worldwide - our unique combination of products, services, and global expertise is helping tip the scales towards mass crypto adoption. But we’re only just getting started. We want to be pioneers in crypto and add value to the everyday lives of billions. Kraken is backed by investors including, Money Partners Group, Hummingbird Ventures, Blockchain Capital, and Digital Currency Group, among others. "We are empowering people to live simply, efficiently and more connected to others. We put our clients’ best interests first and foremost. They are at the heart of our company and drive everything we do. We believe in having a laser focus when pursuing our strategic goals and participate only in markets where we can make a significant contribution. We believe in complete transparency, deep collaboration and we never forget that people come first. Having this mindset allows us to grow and advance at a rate which others cannot." Jesse Powell, CEO of Kraken

Company details

Company typeSME
IndustryFintech: Finance + Technology
Company size1001 - 5000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Building the Future of Open Finance

Payward - the parent company behind Kraken, NinjaTrader, Breakout, xStocks, Payward Services and CF Benchmarks - has spent the last 15 years building one of the most modern and globally accessible financial infrastructure platforms in the industry, built to advance an open, global financial system.


Before you apply, we encourage you to explore our culture page to understand what drives us and how we work.

The team

Founded in 2011, Kraken is one of the world's longest-standing crypto platforms, trusted by over 10 million individuals and institutions across the globe. It offers spot trading, margin, futures, staking, and OTC services, with products built for both individual investors and institutional clients.

 

Payward's Risk & Audit function operates as an Integrated Assurance organization, bringing together Internal Audit and Enterprise Risk Management under a unified risk oversight strategy. The function spans SOX Compliance, Enterprise Risk Management, and Internal Audit across multiple regulated entities and jurisdictions. The Audit team partners with co-sourced providers, maintains direct reporting lines to the Global and Local Audit Committee Chairs, and is building a technology-forward assurance capability at the forefront of crypto and financial innovation.

 

This role sits within Internal Audit and will lead the independent testing of IT general controls and IT application controls across the SOX program. You will assess whether controls over access management, change management, system operations, and application-level processes are designed and operating effectively, providing the assurance that the Audit Committee, external auditors, and regulators rely on.

 

The opportunity

You will lead Internal Audit’s IT SOX controls testing program building the testing approach, workpapers, and institutional knowledge from the ground up. This is a hands-on role with real program ownership and you’ll be doing it at a crypto exchange — where the technology stack spans blockchain-native infrastructure, digital asset custody systems, on-chain and off-chain processing, and a pace of engineering change that most companies never encounter. The systems are complex, the deployments are frequent, and the controls are consequential. If you want an IT SOX role where the tech is genuinely interesting and the stakes are real, this is it.

 

Responsibilities span the following areas:

ITGC SOX controls testing

  • Lead the execution of independent testing of IT General Controls (ITGCs) across key control domains: access management, change management, and system operations.

  • Evaluate the design and operating effectiveness of IT controls across in-scope applications and infrastructure, including systems that support blockchain-native operations, digital asset custody, and crypto trading platforms. Document testing procedures and results to meet Internal Audit and external auditor quality standards.

  • Identify new systems, applications, or process changes that emerge during testing and assess their SOX implications in coordination with the SOX Compliance team.

  • Build and maintain testing programs, templates, and workpapers that create a repeatable, scalable foundation for IT SOX testing.

  • Identify opportunities to leverage AI-enabled workflows and data analytics to improve testing coverage and efficiency across IT control domains.

 

Remediation validation & issue management

  • Independently validate the remediation of open SOX findings, including material weaknesses and significant deficiencies, across ITGC control areas.

  • Evaluate control deficiencies by performing root cause analysis and assessing the severity and pervasiveness of exceptions to inform deficiency classification.

  • Assess whether management’s remediation actions are adequately designed and operating effectively before closing findings.

  • Track remediation progress, escalate delays or gaps, and report status to Internal Audit leadership and the Audit Committee as required.

  • Coordinate with the SOX Compliance team to ensure alignment on remediation expectations, timelines, and evidence requirements.

 

Stakeholder engagement & reporting

  • Serve as a trusted Internal Audit point of contact for IT control owners across Engineering, Infrastructure, Security, and IT Operations. Bridge the gap between audit methodology and engineering culture — these teams speak a different language than accountants, and you need to be fluent in both.

  • Contribute to Internal Audit reporting to the Audit Committee, external auditor, and senior leadership on IT SOX testing coverage, findings, and remediation status.

  • Partner with the business process SOX tester and co-sourced resources to ensure coordinated testing coverage across the full SOX program.

 

What you bring

  • 8+ years of experience in IT audit, internal audit, external audit, or SOX compliance, with significant exposure to IT general controls testing.

  • Experience in crypto, fintech, payments, or technology-intensive environments with complex, rapidly evolving infrastructure.

  • CISA and CPA certifications required. Candidates with one certification who are actively pursuing the other will be considered.

  • Strong knowledge of ITGC frameworks, SOX compliance requirements, COSO, COBIT, and PCAOB auditing standards as they apply to IT controls.

  • Hands-on experience testing ITGCs across access management, change management, and system operations.

  • Technical fluency with enterprise technology environments — you don’t need to be an engineer, but you need to understand how systems, databases, and deployment pipelines work to effectively test the controls around them.

  • Understanding of how IT controls underpin the reliability of financial reporting — you can connect an ITGC failure to its downstream impact on business process controls and the financial statements.

  • Experience working with or alongside external auditors (Big 4 preferred) on SOX engagements.

  • Experience operating across multi-entity structures or multiple jurisdictions.

  • Effective communicator who can translate technical IT audit findings for control owners, engineering teams, senior leadership, and external stakeholders.

 

Nice to haves

  • Familiarity with blockchain infrastructure, digital asset custody systems, on-chain transaction processing, or crypto-native technology environments.

  • Experience with CI/CD pipelines, GitLab or similar version control systems, cloud infrastructure (AWS, GCP), and modern deployment practices.

  • Prior experience building or scaling an IT SOX testing program in a growth-stage or first-year SOX company.

  • Familiarity with audit management platforms such as AuditBoard or Workiva.

  • Familiarity with AI-assisted audit tools and willingness to adopt emerging technologies.

Unless a specific application deadline is stated in the job posting, applications are accepted on an ongoing basis.

Please note, applicants are permitted to redact or remove information on their resume that identifies age, date of birth, or dates of attendance at or graduation from an educational institution.

We consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

Payward is powered by people from around the world and we celebrate the diverse talents, backgrounds, contributions, and unique perspectives that everyone brings to the table. We hire based on merit, seeking out people with the right abilities, knowledge, and skills for the job. We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgeable about crypto.

We may ask candidates to complete job-related skills or work-style assessments as part of our hiring process. These assessments evaluate competencies relevant to the role and are applied consistently across candidates for similar positions. Results are considered alongside experience and interviews, and are not the sole basis for any employment decision.

As an equal opportunity employer, we don't tolerate discrimination or harassment of any kind, whether based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status, or any other protected characteristic as outlined by federal, state, or local laws.

Stay in the know

Follow us on Twitter

Learn on the Kraken Blog

Connect on LinkedIn


Candidate Privacy Notice

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

IT Auditor Related jobs

Other jobs at Kraken

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.