About the role

IT Audit Manager at Snowflake ensuring SOX compliance and conducting various internal audits. Collaborating on cloud auditing, internal controls, and compliance frameworks with a focus on security.

Responsibilities

Execute and support our IT internal controls assessments, other IT audits and investigations.
Lead audits of cloud infrastructure (AWS, Azure, GCP) focusing on identity and access management (IAM), encryption, and network security configurations rather than just general IT controls
Design and implement automated, data-driven audit procedures using SQL, Python, or AI coding tools like Cortex Code (in Snowflake) move toward real-time monitoring of security compliance.
Partner with Engineering and Product teams to audit secure software development lifecycles (SDLC) and CI/CD pipeline security.
Conduct internal compliance review, ensuring adherence to frameworks like ISO 27001, ISO 42001, ISO 22301, or ISO 27017.
Execute & Review testing work papers leveraging AI and analytics and be able to interpret risks and insights
Act as a consultant to product teams, helping design "compliant-by-design" systems for new features and technologies (eg . use of AI tools)
Assess and analyze the impact of IT control deficiencies and audit findings; identify remediation procedures and compensating controls to address the associated risks.
Participate in risk assessments and the design of audit programs in order to address relevant risks.
Assist in all phases of internal audits including planning, fieldwork, close meetings, and reporting.
Assist the Managers and Senior Managers to identify areas of improvement as well as recommend industry-wide best practices

Bachelor’s degree in Computer Science, Information Technology or Systems; or relevant MBA
7+ years of relevant work experience in high-growth, cloud-first technology companies.
Deep experience in building systems to prevent risk rather than just reporting it.
Recognized professional qualification(s) CA/CPA/CISA/CIA/CISSP/CCSP (Certified Cloud Security Professional) or CCSVP (Certificate of Cloud Security Knowledge)
An ability to influence senior leadership on emerging security risks and the design of scalable internal controls.
Proven experience in supporting the execution of an end-to-end IT SOX program and control principles (e.g. COSO). Experience in auditing Salesforce and Workday Financials is strongly preferred.
Data interpretation and data driven audit/analytics approach with experience in SQL. Java/Python readability preferred.
An ability to proactively problem-solve, identify, advocate for and execute improvements.
Being able to maintain a positive attitude and embrace changes, as well as thrive in a fast-paced environment.
An ability to manage multiple, concurrent projects efficiently and effectively with minimal oversight. Maintain relationships with process owners and other key stakeholders.
Certifications like AWS, Azure and Google Cloud is a plus but not required

Every Snowflake employee is expected to follow the company’s confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company’s data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.