IT Audit Manager

An overview of this role

As an IT Audit Manager, you'll build and lead an IT audit function that helps GitLab teams ship quickly while staying secure and compliant. You'll connect fast-moving engineering, IT operations, and security teams with a practical control environment that supports how modern systems actually run, across multi-cloud infrastructure, AI and machine learning systems, and DevSecOps practices. You'll own end-to-end IT SOX program execution, design and test IT general controls and application controls, and use data analytics, automation, and GenAI tools to make audits more efficient, continuous, and insightful. Instead of handing off findings and walking away, you'll partner directly with leadership to turn those insights into concrete improvements in areas like cloud security, access management, and financial statement processes, positioning IT audit as a trusted advisor and strategic partner in GitLab's growth.

What You’ll Do  

• Lead end-to-end IT audits covering SOX compliance, multi-cloud infrastructure (AWS, Azure, GCP), AI/ML systems, and application controls in complex environments.
• Design and execute testing of IT general controls, application controls, and entity-level controls, turning findings into clear, actionable improvements for technology and business teams.
• Manage the IT SOX program from planning through reporting, including risk-based scoping, coordination of co-source providers, documentation of risk and controls, and tracking of remediation efforts.
• Collaborate with engineering, IT operations, security, and business process owners to assess emerging risks, review new system implementations, and advise on practical, effective control designs.
• Drive audit innovation by using data analytics, automation, and GenAI tools to streamline procedures, implement continuous monitoring, and enhance audit quality and insight.
• Conduct walkthroughs and control evaluations across key financial statement processes (record to report, order to cash, hire to retire, procure to pay) and review SOC 1/SOC 2 reports for third-party vendors.
• Prepare clear, concise audit reports that explain issues, business impacts, and prioritized recommendations to senior leadership and other stakeholders.
• Mentor junior auditors and contribute to the evolution of IT audit methodologies, with a focus on emerging technologies, cybersecurity controls, and segregation of duties.

What You’ll Bring 

• Experience leading end-to-end IT audit and SOX compliance programs in complex, fast-changing technology environments, including planning, fieldwork, reporting, and follow-up.
• Applied knowledge of IT general controls, application controls, e