Notion

Lead, IT Audit

Notion | $185K - $220K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • 12+ years in IT audit or technology risk, with Big 4 and high-growth tech experience.
  • Strong understanding of PCAOB standards, SEC requirements, COSO, COBIT, NIST and ITIL frameworks.
  • Proven track record of managing operational IT audits from planning to reporting.
  • Experience in cybersecurity audits with familiarity in NIST CSF, ISO 27001, SOC 2, GDPR, and CCPA frameworks.
  • Hands-on experience with modern cloud technology stacks like AWS, GCP, or Azure.
  • Demonstrated process leadership and continuous improvement skills.
  • Bachelor's degree in a relevant field and at least one certification (CISA, CISSP, etc.).

Responsibilities

  • Own the full IT SOX lifecycle, enhancing automation and efficiency in controls.
  • Design and continuously improve technology controls for various IT processes.
  • Conduct operational IT and cybersecurity audits across diverse technological areas.
  • Advise on cross-functional initiatives, ensuring sound controls from day one.
  • Manage the identification and remediation of IT control deficiencies.
  • Promote AI and modern tooling to enhance the effectiveness of IT audits.

Benefits

  • Hybrid work model with specific in-office days for team collaboration.
  • Opportunity to work in a high-impact role with cross-functional exposure.
  • Engagement in emerging technologies like AI for process improvement.
  • Supportive work culture encouraging professional growth and ownership.
Full Job Description
About the Role:

We are seeking a strategic and technically fluent Lead, IT Audit to join our Finance team reporting to the Head of Internal Audit. This is a broad, high-impact role spanning both IT SOX compliance and operational IT audits. You will help establish and elevate our technology controls program end to end - owning the IT SOX lifecycle, designing the IT general and application controls framework, embedding AI and automation into how we test and monitor controls, and delivering value-added operational IT and cybersecurity audits that strengthen how the company builds and runs its systems. You will partner with leaders across Engineering, Security, IT, Finance, and the business to ensure sound technology controls are built into how the company operates as we scale. This role is ideal for someone who thinks like a builder, not just an auditor - someone who can translate complex control and security requirements into practical, scalable processes in a fast-moving SaaS environment with modern cloud architecture and complex data flows.

This role can be based in either San Francisco or New York City. We work from our offices on Mondays, Tuesdays and Thursdays (our Anchor Days) because we do our best thinking and building together in person. We're looking for someone who's excited to work alongside the team during those days.

What You'll Achieve:
  • Own the full IT SOX lifecycle - scoping, risk assessment, documentation, walkthroughs, testing, deficiency evaluation, remediation, and reporting - driving automation and efficiency across IT general controls (ITGCs) and IT application controls (ITACs)
  • Design, operate, and continuously improve technology controls spanning user access and segregation of duties, change management, SDLC and CI/CD pipelines, interfaces, data flows, and system-generated reports
  • Design and execute value-added operational IT and cybersecurity audits - across cloud infrastructure, security operations, identity and access management, data protection and privacy, disaster recovery and resilience, and vendor and third-party risk - while driving enterprise-level technology risk assessment that anticipates emerging risks before they materialize
  • Serve as a strategic advisor on cross-functional initiatives (product launches, new systems, architecture changes, M&A) and as the primary point of contact for external auditors, ensuring sound controls are built in from day one and audit evidence is complete, clear, and timely
  • Own IT control deficiencies from identification through sustained remediation while partnering with and educating system owners to build a culture of ownership and accountability
  • Champion the adoption of AI and modern tooling - from automated control testing and anomaly detection to continuous monitoring and AI-assisted documentation - to make the IT audit function smarter, faster, and more forward-looking


Skills You'll Need to Bring:
  • 12+ years of progressive IT audit, IT SOX, or technology risk experience, with a combination of Big 4 and high-growth technology company experience
  • Deep, hands-on ownership of IT SOX/ITGC programs, with a strong understanding of PCAOB standards, SEC requirements, and frameworks such as COSO, COBIT, NIST, and ITIL
  • Demonstrated experience designing and leading operational IT audits end to end - including annual planning, risk-based scoping, fieldwork, and reporting - across areas such as IT operations, infrastructure resilience, disaster recovery and business continuity, capacity and availability management, and IT vendor and third-party risk
  • Strong cybersecurity audit experience with working fluency in frameworks and regulations such as NIST CSF, ISO 27001, SOC 2, GDPR, and CCPA, and the ability to translate them into practical, testable controls
  • Software or SaaS industry experience is a must - particularly modern cloud-based technology stacks (AWS, GCP, Azure), software development lifecycles, and complex data flows - paired with strong technical knowledge across cloud security configurations, identity and access management, change management, DevOps and CI/CD pipelines, and enterprise IT operations risks and controls
  • Process leadership - a track record of building functions, designing new processes and policies, and driving continuous improvement
  • Bachelor's degree in Information Systems, Computer Science, Accounting, or a related field; CISA, CISSP, CISM, CIA, CPA, or equivalent certification required
  • Strong stakeholder management and communication skills, with the ability to translate complex technical and audit topics into clear language and influence partners across all levels of the organization


Notion is committed to providing highly competitive cash compensation, equity, and benefits. The compensation offered for this role will be based on multiple factors such as location, the role's scope and complexity, and the candidate's experience and expertise, and may vary from the range provided below. For roles based in San Francisco, the estimated base salary range for this role is $185,000 - $220,000 per year.

A Note on AI

You don't need deep AI expertise for every role, but we do expect every Notino to be intellectually curious, drawn to tinkering and discovery, and excited to use AI as a real collaborator in their work. For some roles, AI fluency is a core requirement - when that's the case, we'll say so explicitly in the qualifications. People who thrive here don't treat AI as a novelty. They use it to think better, and make their work easier for others to build on.

About Notion

Notion is a software company that provides a productivity and collaboration platform for teams. The company's platform offers a range of features, including note-taking, project management, and task tracking. Notion's software is designed to help teams streamline their workflows and improve their productivity. The company was founded in 2016 and is headquartered in San Francisco, California.
  • Size: 300 employees
  • Net Income: -$80 million
  • Founded: 2016
  • Revenue: $80 million
