About the Role

Your Impact

• Annual IT Audit Plan Delivery: Own the execution of audits across the annual IT audit plan — scoping, risk assessment, fieldwork, reporting, and remediation follow-up — producing high-quality workpapers and findings that drive measurable risk reduction.
• IT General Controls (ITGCs): Evaluate and continuously rationalize ITGCs across our cloud platforms (AWS/GCP), CI/CD pipelines, and enterprise systems (NetSuite ERP, Coupa, etc.) to support ongoing SOX compliance and operational resilience.
• Internal AI Governance: Play a leading role in how AppFolio governs the internal use of generative and agentic AI — assessing policy design, model and tool usage, data privacy, vendor risk, and AI-supported development workflows against frameworks like the NIST AI RMF.
• Engineering & Cloud Assurance: Assess the effectiveness of automated security checks embedded in our CI/CD pipelines and cloud configurations so we maintain “Elite” deployment performance without compromising security or compliance.
• Strategic Risk Assessment: Contribute to the enterprise technology risk assessment by identifying emerging threats across cloud-native infrastructure, payments systems, and agentic AI platforms — and translating them into a forward-looking audit plan.
• Data Governance & Privacy Assurance: Partner with Data Governance teams to audit data discovery scans, classification efforts, and the protection of sensitive information across structured and unstructured data sources.
• Trusted Partnering: Work directly with the CIO organization, CISO, Engineering leadership, and Finance to deliver practical, data-driven recommendations that improve our security posture, operational efficiency, and audit-readiness.

Qualifications

• Experience: 4 to 7 years of progressive experience in IT audit, technology risk management, or cybersecurity, with a clear track record of delivering audits end-to-end.
• Public Accounting Rigor: Previous experience in a Big 4 or large national accounting firm, with a focus on IT audit or advisory services, is a plus.
• Environment: Direct experience auditing or managing risk in a high-growth SaaS, FinTech, or technology-driven environment.
• Technical Knowledge: Familiarity with cloud infrastructure security (AWS/GCP), containerization (Kubernetes), generative and agentic AI, and modern software development lifecycles (SDLC).
• AI Governance: Exposure to emerging AI governance frameworks (e.g., NIST AI RMF) or experience auditing internal AI / LLM usage is a strong plus.
• Technical Control Advisory: Demonstrated ability to translate technical control objectives into action-oriented plans that bridge the gap between current and desired state.
• Financial Systems: Experience with cloud-based ERP systems (NetSuite preferred) and automated segregation of duties (SoD) monitoring tools.
• Education: Bachelor’s degree in Management Information Systems, Computer Science, Accounting, or a related field.

Must Haves

• Certification: CISA (Certified Information Systems Auditor), CISSP, CIA, or AWS Certified Security Specialty.
• Professional Presence: Excellent communication and presentation skills, with the ability to translate complex technical risks into a business context for senior leadership.
• Objective Reasoning: A proven ability to critically assess the reliability of information and maintain an inquisitive attitude toward automated control environments.
• Analytical Mindset: Demonstrated success in leading complex technical audits across multiple stakeholders and high-volume data environments.
• Bias for Impact: You see audit as an exercise to enhance the company’s ability to manage risk— not a checklist — and bring curiosity, ownership, and a high standard of craft to every engagement.