Job
Description
What You'll Do Avalara is looking for a Security controls specialist to join our team, reporting to the Sr. Manager, Governance Risk and Compliance. You will collaborate with multiple teams to design an internal control environment for Sarbanes-Oxley compliance. What Your Responsibilities Will Be Support the build-out of technical SOX controls, working with Security, engineering, finance and IT to document and test controls across key systems. Assist in technology risk assessments to identify gaps against IPO-readiness benchmarks Help drive IT General Controls implementation, application controls and report testing, coordinating with internal teams and external auditors. Work with cross-functional teams to develop process flows, SOPs, and runbooks for key controls. Partner with all stakeholder teams to track control ownership, remediation efforts, and evidence collection. Coordinate the documentation and migration of control information into Avalaras GRC platform. Proactively engage on multiple simultaneous projects with internal and external stakeholders to support strategic security and compliance objectives. Assist with the performance of ad hoc risk and compliance assessments as needed. What You'll Need to be Successful Bachelors degree in Information Technology, Computer Science, or equivalent experience. 5+ years of experience in IT Audit, IT Security, or IT Risk Management. Proven experience conducting systemic risk analysis in complex technical environments, including reviewing application design and architecture. Familiarity with standards and frameworks such as ISO 27001, SOC 1, SOC 2, SOX, NIST, etc. Strong understanding of application security principles, including the ability to assess risk through code and design review processes. Deep knowledge of technical controls, including their design, implementation, and effectiveness. Experience working with business continuity, disaster recovery, vendor risk management, data privacy, and regulatory compliance. Skilled in identifying business risks and evaluating trade-offs between technical and business objectives. Experience with risk management platforms (e.g., ServiceNow GRC) is a plus. Highly self-motivated, proactive, and capable of managing concurrent priorities with minimal supervision. Strong organizational, planning, verbal, and written communication skills.
