Senior Manager, IT Controls

EverQuote (Nasdaq: EVER) operates the largest online marketplace for insurance shopping in the United States. We make insurance shopping easy, efficient, and personal, saving consumers and providers time and money. Our goal is to reshape the way consumers shop and improve the way insurance providers attract and connect with customers as insurance shopping continues to shift online.

What you’ll do:

The Senior Manager, IT Controls reports to the CIO and will operate and manage a Sarbanes-Oxley (SOX) IT Controls program where revenue transactions and key reporting come from custom developed systems deployed to Amazon Web Services using CI/CD. You’ll work with our security team to ensure our control owners have complete and accurate review populations and validate the propriety of control execution. You’ll direct our IT controls monitoring team and provide input on our internal control monitoring and execution tools. If our business or technologies change, you’ll work with our engineering, IT, finance, HR, and product teams on any necessary changes to our SOX IT Controls.

About you:

●  CPA (Certified Public Accountant) or CISA (Certified Information Systems Auditor) required; CISSP (Certified Information Systems Security Professional) and/or CISM (Certified Information Security Manager) preferred.

●  8+ years large public company internal and external auditing, with emphasis on IT auditing in large public companies with complex custom developed platforms in public cloud environments and/or large accounting firms with experience auditing a complex IT client base.

●  5+ years experience in a position of leadership to include team development and management.

●  Expert level IT audit program and practices experience. Big 4 IT Audit experience preferred.

●  Expert understanding of the general computer control areas and IT governance frameworks (e.g., Sarbanes-Oxley, COSO framework, COBIT, NIST CSF, ISO 27001).

●  Working understanding of US Generally Accepted Accounting Practices.

●  Direct experience designing and implementing a system of internal controls, including experience in a large-scale management-led SOX organization as well as supporting a company’s SOX program.

●  Proven experience with evaluating security and controls on various hosted and

SaaS/cloud-based technologies.

●  Strong understanding of SDLC including agile and CI/CD processes.

●  Functional knowledge of Git-based source code flows including commits, pull requests, approvals, and merges.

●  Ability to negotiate, influence, and partner effectively with multi-functional and remote teams where resources may not be in direct control of this role.

●  Demonstrated ability to develop and execute a strategic people plan that ensures that the right people are in the right roles at the right time and that employees are highly engaged and satisfied.

●  Strong vendor management and partner relationship skills.

●  Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to the security workforce.

Preferred Experience:

●  Functional understanding of AWS Well-Architected Framework components including IAM roles and trust principals, CloudTrail, CloudWatch, Elastic Kubernetes Service

●  Experience with Okta or other SaaS identity providers

●  Atlassian Jira

●  Working with an engineering organization using Scaled Agile Framework (SAFe) patterns

●  VLOOKUP and other functions in Google Sheets and Microsoft Excel

●  Experience building basic automation to perform simple API queries using Python

●  Basic SQL knowledge