Senior Manager, IT Controls
Cambridge, Massachusetts, United States
EverQuote (Nasdaq: EVER) operates the largest online marketplace for insurance shopping in the United States. We make insurance shopping easy, efficient, and personal, saving consumers and providers time and money. Our goal is to reshape the way consumers shop and improve the way insurance providers attract and connect with customers as insurance shopping continues to shift online.
What you’ll do:
The Senior Manager, IT Controls reports to the CIO and will operate and manage a Sarbanes-Oxley (SOX) IT Controls program where revenue transactions and key reporting come from custom developed systems deployed to Amazon Web Services using CI/CD. You’ll work with our security team to ensure our control owners have complete and accurate review populations and validate the propriety of control execution. You’ll direct our IT controls monitoring team and provide input on our internal control monitoring and execution tools. If our business or technologies change, you’ll work with our engineering, IT, finance, HR, and product teams on any necessary changes to our SOX IT Controls.
About you:
● CPA (Certified Public Accountant) or CISA (Certified Information Systems Auditor) required; CISSP (Certified Information Systems Security Professional) and/or CISM (Certified Information Security Manager) preferred.
● 8+ years of large public company internal and external auditing, with emphasis on IT auditing in large public companies with complex custom developed platforms in public cloud environments and/or large accounting firms with experience auditing a complex IT client base.
● 5+ years of experience in a position of leadership, including team development and management.
● Expert level IT audit program and practices experience. Big 4 IT Audit experience preferred.
● Expert understanding of the general computer control areas and IT governance frameworks (e.g., Sarbanes-Oxley, COSO framework, COBIT, NIST CSF, ISO 27001).
● Working understanding of US Generally Accepted Accounting Practices.
● Direct experience designing and implementing a system of internal controls, including experience in a large-scale management-led SOX organization as well as supporting a company’s SOX program.
● Proven experience with evaluating security and controls on various hosted and SaaS/cloud-based technologies.
● Strong understanding of SDLC including agile and CI/CD processes.
● Functional knowledge of Git-based source code flows including commits, pull requests, approvals, and merges.
● Ability to negotiate, influence, and partner effectively with multi-functional and remote teams where resources may not be in direct control of this role.
● Demonstrated ability to develop and execute a strategic people plan that ensures that the right people are in the right roles at the right time and that employees are highly engaged and satisfied.
● Strong vendor management and partner relationship skills.
● Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to the security workforce.
Preferred Experience:
● Functional understanding of AWS Well-Architected Framework components including IAM roles and trust principals, CloudTrail, CloudWatch, Elastic Kubernetes Service
● Experience with Okta or other SaaS identity providers
● Atlassian Jira
● Working with an engineering organization using Scaled Agile Framework (SAFe) patterns
● VLOOKUP and other functions in Google Sheets and Microsoft Excel
● Experience building basic automation to perform simple API queries using Python
● Basic SQL knowledge
Tags: Agile APIs Audits Automation AWS CI/CD CISA CISM CISSP Cloud COBIT Finance Governance IAM ISO 27001 Jira Kubernetes Monitoring NIST Okta Python SaaS SDLC SOX SQL Vendor management
Perks/benefits: Career development