Director, IT Internal Audit

GAQ226R189

Location: While the Bay Area is preferred, we will consider candidates in other locations. 

Databricks is looking for a Director, IT Internal Audit to lead our global IT audit team. In this role, you will be accountable for designing and driving the IT SOX program, overseeing risk-based IT audit initiatives, and partnering with executives across IT, Engineering, Security, Accounting, Finance, and Business Operations as you build our IT internal control framework.

You will serve as the primary liaison to senior leadership on IT risk, SOX compliance, and IT governance, while building a high-performing team that delivers measurable impact. This role offers visibility at the highest levels of the organization and requires a balance of strategic foresight, technical expertise, and hands-on leadership.

The impact you will have:

• Establish and own relationships with senior Engineering and IT partners as their strategic risk advisor on establishing internal controls and process efficiencies, providing insight and direction on risk management and SOX compliance
• Build and lead a team of risk and control professionals (both internal and external resources) who possess the knowledge and technical capability to drive value-based audits 
• Develop, implement, and maintain Databricks’ IT SOX compliance strategy and framework, ensuring alignment with business objectives and regulatory requirements, with a focus on scalability and establishing a common control framework
• Implement an IT risk assessment process and develop and own the annual IT internal audit plan for relevant engineering and IT systems and processes
• Serve as the subject matter expert and key contact for technology risks and controls within the organization, and be an insightful resource for strategizing on implementing controls in an efficient and effective manner, while balancing the pace and velocity of the organization 
• Recommend controls to be implemented as part of the new system and process implementations, and collaborate with teams on controls implementation
• Lead and manage IT risk assessments, integrated audits, and/or process reviews, including but not limited to cyber security, privacy, and infrastructure internal audits
• Continuously help improve the company’s ability to mitigate IT risks and develop recommendations on how to integrate controls as part of daily operations
• Collaborate closely with external auditors, providing necessary documentation, evidence, and support for IT SOX audits and other compliance assessments

What we look for:

• Minimum of 15+ years of experience, preferably with a mix of external audit/consulting and in-house internal audit experience within publicly traded companies  
• Bachelor's/Master's degree in a relevant field such as computer science, management information systems, software engineering, or equivalent experience
• Demonstrated expertise in designing, implementing, and assessing IT General Controls (ITGCs) and application controls in a SOX-compliant environment
• Deep understanding of common IT control frameworks as they pertain to IT SOX compliance in an engineering environment, with a strong emphasis on the COSO framework.
• Deep knowledge of technology environments/controls, including both 3rd party (e.g., AWS, GCP) and home-grown systems, and associated security and compliance considerations relevant to SOX
• Mission-driven, enthusiastic to learn and grow; team-oriented with a positive attitude and able to work in a hyper-growth, fast-paced environment
• Excellent written and verbal communication skills, with the ability to articulate complex technical and compliance concepts to both technical and non-technical audiences
• Strong risk management experience, including performing assessments and audits, driving issue impact discussions, and the ability to think strategically about remediation strategies