The IT Audit Manager will play a critical role in evaluating and supporting the development of a strong IT SOX compliance program. Collaborating closely with IT, finance, GRC, and external auditors, this role will assess control effectiveness, identify gaps, and provide actionable recommendations for improvement. This role also offers the opportunity to manage additional IT audit activities, such as IT risk assessments, audit plans, and risk-based audits. It’s an exciting opportunity to shape a foundational compliance function and address challenges in a dynamic SaaS environment while influencing the company’s broader risk management approach.

This is a full time role that can be held from one of our US hubs or remotely in the United States.

What you’ll do at Figma:

• Oversee and manage all aspects of the IT SOX Compliance Program, including work streams for IT General Controls, Segregation of Duties, and application controls.

• Lead SOX planning, scoping, and audits for technology risks (e.g., cybersecurity, privacy, business resilience), including risk assessments of new products, process changes, and system implementations.

• Provide technical support in the assessment, design and implementation of IT General Controls (ITGC) and IT Application Control (ITAC) requirements through collaboration with GRC and IT Management. 

• Participate in systems upgrades and enhancements, as necessary, to review that internal controls over financial reporting are adequately identified and addressed

• Oversee and review control walkthroughs, documentation (e.g. flowcharts, control descriptions, in-scope systems listing) and quality assurance across all SOX IT areas. 

• Review ITGC control evidence for accuracy, completeness; evaluate reported deficiencies, validate the completion of remediation activities. 

• Coordinate testing of IPE, SOC reports, ITGCs, and automated controls in the SOX environment, while designing and refining test approaches for both new and existing controls.

• Participate in the preparation of materials and presentation of IT data for various SOX meetings (e.g. SOX Steering Committee; Internal Audit Planning discussions).

• Lead the IT audit planning process and manage IT Operational Risk Assessments and Audits to evaluate and enhance the effectiveness of IT controls, processes, and compliance with organizational policies

We'd love to hear from you if you have:

• 7+ years in information security and IT auditing, with SOX compliance focus

• Experience in project management, SOX business controls, and ITGCs

• Demonstrated knowledge of PCAOB/SEC requirements and audit frameworks

• Proficiency in audit methodologies, governance concepts, tools, and best practices

• Experience with managing external auditor requirements and expectations

• Excellent written and verbal communication skills for effective information sharing

• Demonstrated ability to collaborate across Internal Audit and cross-functional teams

While not required, it’s an added plus if you also have:

• Experience with data analytics tools (e.g., ACL, IDEA) for audit processes

• Familiarity with emerging technologies and cloud security controls

• Background in cybersecurity risk assessments and frameworks (e.g., NIST, ISO)

• Hands-on experience with automated audit tools or SOX project management software

• Preferred certifications: CA, CPA, CIA, CISA, CFE

• Prior work in a fast-paced, tech-oriented environment

At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.