Execute end-to-end IT audits, including planning, risk assessment, execution, and reporting, while driving alignment with cross-functional stakeholders.
Assess the design and operating effectiveness of IT controls across applications, infrastructure, and data environments, with a focus on key risk areas.
Identify systemic control gaps and emerging risks, and provide strategic, risk-based recommendations to strengthen the control environment.
Partner with IT, Security, and Compliance leadership to influence control design, risk mitigation strategies, and process improvements.
Deliver high-quality audit documentation and insights, and contribute to the evolution of audit methodologies and practices.
Lead execution of SOX IT testing, including IT General Controls (ITGCs) and IT Application Controls (ITACs), ensuring alignment with ICFR requirements.
Exercise judgment in evaluating control design and operating effectiveness, including assessing automated controls and system-generated reports.
Drive SOX activities including walkthroughs, RCM development and refinement, and scoping of in-scope systems and risks.
3-4 years of experience in IT auditing, risk management, or information security.
Experience with SOX IT controls (ITGCs & ITACs) and a solid understanding of ICFR concepts and financial reporting risks.
Understanding of IT environments, including applications, infrastructure, databases, and cloud platforms (e.g., AWS, Azure).
Knowledge of IT risk and control frameworks (e.g., NIST, ISO 27001, COBIT) and core domains such as access management, change management, and IT operations.
Strong communication and interpersonal skills, with the ability to partner with stakeholders and influence outcomes.
Excellent organizational and project management skills, with the ability to manage multiple priorities and deliver high-quality work.
Nice to Have:
Professional certifications such as CISA, CRISC, CISSP, or equivalent.
Experience working with external auditors and supporting SOX reliance strategies (e.g., SOC reports, CUECs).
Familiarity with audit tools, data analytics, and GRC platforms (e.g., AuditBoard, ServiceNow).
Experience in a retail or consumer-facing environment.
Skills Required
- 3-4 years of experience in IT auditing, risk management, or information security.
- Experience with SOX IT controls (ITGCs & ITACs) and knowledge of ICFR concepts.
- Understanding of IT environments, including applications, infrastructure, databases, and cloud platforms.
- Knowledge of IT risk and control frameworks (e.g., NIST, ISO 27001, COBIT).
- Strong communication and interpersonal skills.
What We Do
In 1969, Don and Doris Fisher opened the first Gap store on Ocean Avenue in San Francisco. They wanted to make it easier to find a great pair of jeans, and they did. Their denim and records store was a hit, and it grew to become one of the world’s most iconic brands. Today we’re represented in more than 1400 stores in over 40 countries, and online. We have headquarters in New York, London, Shanghai, Tokyo, and, of course, San Francisco. Our unique aesthetic is optimistic cool, elevated American style. Our clothes are crafted with care, with focused attention to thoughtful design. We believe in staying true to our heritage while creating what’s next. Don and Doris Fisher always wanted to “do more than sell clothes.” They wanted to support the people who ran their company, to be active in their communities, and to have a positive impact on the world. Their vision helped transform retail, and we’re still following their lead. We stand for freedom and possibility for all; we champion diverse ideas that transcend generations, geographies and genders.









