Technology AuditorLocation - Irvine, CAWhat You Will Be Doing We are hiring a Technology Auditor to strengthen our control testing and validation capability across the enterprise technology environment. In this role, reporting to the Technology Audit Manager, you will design and execute a risk-based control testing program across the technology stack-including cloud, applications, infrastructure, networks, identity, and security tooling-and provide clear, actionable results to technology and risk stakeholders.
You'll partner closely with control owners, engineers, and risk leaders to validate that controls are designed effectively and operating as intended, and to drive sustainable remediation where gaps are identified.
The key responsibilities of this role are as described below:
- Develop and maintain a control testing & validation plan aligned to the organization's technology risk landscape, including scope, frequency, methodology, and sampling approaches.
- Execute control design and operating effectiveness testing across technology domains (e.g., cloud, infrastructure, network, application, SDLC, IAM, logging/monitoring, vulnerability management, backup/DR).
- Create testing procedures and workpapers that are repeatable, audit-ready, and defensible; ensure evidence is complete, accurate, and traceable.
- Perform walkthroughs and interviews with technology stakeholders to confirm control intent, ownership, and implementation details.
- Validate control implementation technically (where applicable) by inspecting configurations, system settings, logs, tickets, and pipeline artifacts (e.g., CI/CD).
- Identify control gaps and root causes, assess risk impact, and provide clear recommendations and remediation guidance.
- Track and validate remediation activities and re-test controls to confirm closure.
- Produce concise reporting (test results, summaries, themes, and metrics) for IRM leadership and customers.
- Support internal/external audits and regulatory inquiries by providing documentation, testing artifacts, and control narratives.
- Continuously improve the control testing program through standardization, automation opportunities, and alignment to evolving technology.
Control Domains You May Cover - Cloud governance and security (e.g., AWS/Azure/GCP controls, configuration baselines)
- Identity & access management (SSO, MFA, privileged access, joiner/mover/leaver)
- Network security (segmentation, firewall rule governance, secure remote access)
- Infrastructure and endpoint controls (hardening, patching, EDR)
- Application controls (secure configuration, change management, access controls)
- SDLC / DevSecOps controls (code scanning, approvals, pipeline controls, secrets management)
- Logging, monitoring, incident response integration
- Vulnerability management (scanning, remediation SLAs, exception handling)
Basic Qualifications:- Experience: 5+ years of experience in technology audit, technology risk, or control testing/assurance. Proven experience performing control testing and validation (design and operating effectiveness), including sampling and evidence standards, across a broad spectrum of technology domains.
- Education: Bachelor's degree in Information Systems, Cybersecurity, Information Technology, Computer science or a related field.
- Technical Expertise: Ability to translate technical details into clear risk statements, issues, and practical remediation recommendations. Demonstrated strong documentation skills with the ability to produce audit-ready workpapers, test scripts, and results. Strong stakeholder management with the able to work effectively with engineers, control owners, leadership and customers. Knowledge of GRC tooling and workflows.
- Language Skills: Excellent stakeholder management and communication skills. Proficient in English for effective communication and coordination.
Preferred Qualifications:- Experience: Experience as a Technology Auditor at a large professional services firm (e.g., Big 4 or similar) or comparable complex enterprise environment. Familiarity with control frameworks and standards such as COSO, COBIT, NIST, ISO 27001, and/or SSAE 16 requirements.
- Education and Certifications: Masters degree in Cybersecurity, Information Technology, Computer Science or a related discipline is preferred. Industry-recognized credentials such as CISSP, CISM, CISA are highly desirable.
- Language Skills: Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.
Team Culture:The team fosters a high-performance, collaborative environment centered around proactive technology risk management and excellent customer service. Members are expected to lead with accountability, communicate effectively across functions, and adapt to dynamic challenges. The culture values technical excellence, continuous improvement, and global coordination, ensuring technology risks are well managed.
Base Salary Range: $85,000 - $114,000 
