Key Responsibilities
- SOX & IT Controls
- Perform and support SOX IT General Controls (ITGC) testing, including:
- User access management
- Change management
- System operations and backups
- Assist with walkthroughs, risk assessments, and control documentation
- Track and support remediation of control deficiencies
- Partner with Internal Audit and external auditors during SOX audits
- SOC 2 & Third-Party Assurance
- Support SOC 2 Type I and Type II readiness and ongoing compliance
- Maintain control narratives, evidence, and audit artifacts
- Coordinate with IT, Engineering, and Security teams to ensure controls are operating effectively
- Assist in responding to customer and vendor security questionnaires
- Cybersecurity & Risk Collaboration
- Work with the Cybersecurity team on:
- Security policies and standards
- Risk assessments and control alignment (NIST, ISO, etc.)
- Incident response and access reviews (governance perspective)
- Help bridge compliance requirements with security operations
- Documentation & Continuous Improvement
- Maintain IT policies, procedures, and control documentation
- Identify opportunities to improve control design, automation, and audit efficiency
- Stay current on regulatory and industry best practices
Required Qualificatons
- 3–6 years of experience in IT audit, IT compliance, or technology risk
- Hands-on experience with SOX ITGCs
- Exposure to SOC 1 and/or SOC 2 audits
- Understanding of core IT processes (access, change, SDLC, infrastructure)
- Strong documentation and communication skills
Preferred Qualfications
- Experience in a public company environment
- Familiarity with cybersecurity frameworks (NIST, ISO 27001, CIS)
- Experience working with external auditors or Big 4 firms
- Certifications or progress toward:
- CISA - Required
- CISM
- CRISC
- CISSP (a plus, not required)
What We Offer
- Exposure to SOX, SOC 2, and cybersecurity governance
- Career growth toward Senior IT Auditor, GRC Manager, or Cyber Risk roles
- Cross-functional work with IT, Security, Finance, and Audit teams
- Competitive compensation and benefits
- Why This Role Is Attractive (unspoken but real)
- Not “pure audit” — includes security and risk exposure
- Public company experience (very marketable)
- Clear path into senior IT audit, GRC, or cyber risk
Top Skills
What We Do
Marcus & Millichap was founded in 1971 with the goal of being a new kind of company – one driven by long-term relationships and built on a culture of collaboration. We focus on bringing together specialized market knowledge, the industry's leading brokerage platform and exclusive access to inventory to achieve exceptional results for our clients, year after year. Today, we are the industry’s largest firm specializing in real estate investment sales and financing, with over 80 offices and nearly 2,000 investment sales and financing professionals throughout the United States and Canada. In 2021, the firm closed 13,255 transactions with a sales volume of $84.4 billion.
