We are seeking an experienced Internal Audit Lead – IT Controls for Homegrown Systems to join our internal audit function, reporting directly to the head of internal audit. This role will take ownership of SOX IT controls testing and assurance activities, with a strong emphasis on IT general controls (ITGCs), IT automated controls, and key report testing, with a primary focus on homegrown business systems/applications. Some projects may also involve third-party SaaS platforms. In addition, the role will contribute to broader IT and data-focused internal audit projects and advisory initiatives, driving value-added insights and strengthening the overall governance and internal controls environment. This is a senior-level role that combines hands-on testing and evaluation with leadership, oversight, and stakeholder engagement.
Responsibilities include:
Leading the planning, execution, and oversight of SOX testing for IT general controls (ITGCs), IT automated controls, and key reports for homegrown systems.
Assisting in the annual IT SOX scoping and risk assessment process in alignment with the overall ICFR and SOX program.
Conducting and leading walkthroughs and design/effectiveness testing of IT controls across homegrown and third-party systems.
Coordinating evidence collection, managing remediation efforts, and ensuring timely closure of audit gaps.
Overseeing the work of co-sourced as well as internal team members and reviewing their work to ensure high-quality, consistent results.
Identifying control deficiencies and working with management to design effective remediation approaches and measures.
Monitoring changes to business processes and applying independent judgment to evaluate the potential impact to the control environment and recommend necessary improvements.
Managing and updating all ICFR/SOX 404 documentation as required, including COSO framework mapping, process and control narratives/flowcharts, risk and controls matrix, and testing approach.
Applying professional skepticism and subject matter expertise to independently evaluate and conclude on control deficiencies, develop the necessary remediation actions, and monitor their timely implementation.
Additional responsibilities include:
Leading and delivering internal audit projects focused on IT, data governance, and emerging technology risks with a primary focus on internal controls for financial reporting and SOX.
Providing advisory services to technology and business leaders on IT risk management, control optimization, and compliance matters.
Evaluating data integrity, system development practices, access management, and change management processes.
Working closely with engineering and IT teams to design and implement effective and scalable IT controls.
The role also involves:
Identifying, assessing, and documenting control deficiencies, including evaluation of severity and impact.
Working with cross-functional leadership and process owners to develop, track, and validate timely remediation plans.
Recommending process improvements and efficiency opportunities while maintaining control effectiveness.
Stakeholder collaboration is key:
Acting as the key liaison with IT, engineering, security, finance, and business system teams for IT SOX and assurance initiatives.
Partnering with external auditors to coordinate IT SOX testing approaches and reliance strategies.
Providing training and guidance to IT and business stakeholders on IT control requirements and best practices.
Reporting and communication responsibilities include:
Preparing reports and presentations summarizing IT SOX results, audit findings, and remediation progress for the head of internal audit and audit committee.
Communicating complex IT control issues in a clear, business-oriented manner to senior management and stakeholders.
Monitoring industry and regulatory developments, advising leadership on emerging IT and data-related risks.
Education & certification:
Bachelor's degree in information systems, computer science, accounting, or related field.
CISA, CISSP, or equivalent certification strongly preferred; CPA or CIA is a plus.
Experience:
10+ years of progressive experience in IT audit, IT risk, or IT SOX compliance, with at least 3+ years in a managerial or supervisory level role.
Big Four accounting firm or equivalent experience in internal or external audit or IT consulting practice.
Deep expertise in ITGCs, IT automated controls, key report testing, and their relevance to ICFR, internal audit methodology, and IIA standards.
Experience auditing or testing both homegrown business systems and third-party SaaS applications.
Familiarity with data governance, system implementation reviews, and cybersecurity risk assessments.
Experience working with audit management tools (e.g., AuditBoard, Archer, Workiva) to manage SOX and IT compliance programs.
Skills & competencies:
Strong analytical and technical skills with the ability to evaluate IT and data risks across complex environments.
Excellent communication and interpersonal skills to effectively engage with both technical and non-technical stakeholders.
Proven ability to lead and review the work of internal teams and co-sourced resources.
Organized, detail-oriented, and able to manage multiple priorities in a dynamic environment.
Nice to have:
Experience with data analytics and automated testing tools to enhance SOX testing efficiency and insights.
Exposure to emerging technologies such as cloud computing, cybersecurity, and RPA, and their control implications.
Prior experience working in a fast-growth or global organization, adapting SOX programs to evolving structures and complexity.
Familiarity with cybersecurity frameworks (e.g., NIST, ISO 27001, COBIT) and their application to IT risk management.
Experience with data governance and data integrity reviews, including testing controls over data migration, transformation, and reporting.
Prior involvement in system implementation or upgrade reviews for ERP, financial systems, or homegrown applications.
Exposure to DevOps, agile development, or CI/CD environments, including related ITGC and change management considerations.
Working knowledge of data analytics and automation tools (e.g., SQL, Python, ACL, Power BI) to enhance testing efficiency and assurance insights.
Salary range information:
The annual salary range for this position has been set based on market data and other factors. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description.
About Lambda:
Founded in 2012, ~400 employees (2025) and growing fast
We offer generous cash & equity compensation
Our investors include Andra Capital, SGW, Andrej Karpathy, ARK Invest, Fincadia Advisors, G Squared, In-Q-Tel (IQT), KHK & Partners, NVIDIA, Pegatron, Supermicro, Wistron, Wiwynn, US Innovative Technology, Gradient Ventures, Mercato Partners, SVB, 1517, Crescent Cove.
We are experiencing extremely high demand for our systems, with quarter over quarter, year over year profitability
Our research papers have been accepted into top machine learning and graphics conferences, including NeurIPS, ICCV, SIGGRAPH, and TOG
Health, dental, and vision coverage for you and your dependents
Wellness and commuter stipends for select roles
401k plan with