At Qualtrics, we create software the world's best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform-we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention-but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.
When you join one of our teams, you'll be part of a nimble group that's empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the mic and iterating until the best solution comes to light. You won't have to look to find growth opportunities-ready or not, they'll find you. From retail to government to healthcare, we're on a mission to bring humanity, connection, and empathy back to business. Join over 5,000 people across the globe who think that's work worth doing.
Senior Manager, IT Internal Audit & SOX
Why We Have This Role
At Qualtrics, we build technology that closes experience gaps - and our Internal Audit team plays a direct role in making sure we do it with integrity at scale. This isn't a "check-the-box" audit role. This is a chance to architect and own our entire IT SOX and technology assurance program, influence how IT, engineering and security teams think about risk, controls and compliance, and operate across levels and functions of the organization. You'll report directly to the Chief Audit Executive and carry high visibility across the enterprise - Finance, Operations, IT, Security. You'll be the internal authority on IT SOX and operational risks, controls and compliance - the person leaders call for meaningful insights and assurance.
How You'll Find Success
This role operates at the intersection of strategic thought leadership, consistent execution and tech-forward innovation. We're looking for a self-starter, "roll up your sleeves" leader with a lived understanding of customer-focused mindset. Success in this role isn''t defined by power-points/spreadsheets, control test completion rates or a tally of audit projects - it''s defined by your impact to the organization's process risk, controls and compliance intelligence and capabilities. You show up in the following ways everyday:
Player-Coach Mindset: As an IC, you roll up your sleeves while architecting and carrying the strategic IT SOX and Audit vision - no directing from a distance. You show up with a point of view on current risks/capabilities and industry trends. You influence without authority.
Executive Presence and Partner-Mindset: You walk into a room with a C-level leader and make complex process and risk clear, urgent, and actionable. No jargon, no hedging. You build relationships across the enterprise that position Internal Audit as a strategic partner rather than a compliance function.
Impactful Prioritization: Speed and quality are both non-negotiable. You know which battles to fight first, which has the biggest immediate impact, and prioritize ruthlessly
Tech-forward Innovation: You have a strong curiosity toward technology and opportunities for innovation. You drive innovative change, actively identifying, building and deploying process automations or AI-enabled capabilities - continuous monitoring, automated testing, scaled compliance. Familiarity is a baseline; innovative outcomes is the bar.
Analytical Rigor: You purposefully connect dots across disparate systems, think in risk frameworks, and support recommendations with data and actions.
How You'll Grow
Things You'll Do
IT SOX Leadership & Execution
Own the end-to-end IT SOX program - from strategy to testing and documentation, through remediation and Audit Committee-level reporting. This is the core of the role [today].
Manage and evolve the annual IT SOX compliance strategy, scoping methodology, and risk assessment framework - bringing genuine thought leadership, not just inherited templates
Design and execute all phases of IT SOX audit activity: walkthroughs, design and operating effectiveness testing and documentation, status tracking, issue reporting, and remediation validation
Support regular executive and Audit Committee-level reporting
Support and continuously look for opportunities to improve and optimize use of Internal Audit team tools, including Audit-board/Optro and Claude
Support IT SOX program and resource management activities, including co-source partner resources, while maintaining quality and driving consistency across the program
In partnership with the Business Process/Finance SOX lead, manage the full SOX documentation library - narratives, flowcharts, risk and control matrices (RCMs), and management certifications - and keep it audit-ready at all times
Drive deficiency management conversations with control owners, advocating for automation-first and scalable remediation over manual, siloed patches
Own the relationship with external IT auditors, ensuring all testing methodologies and documentation meet PCAOB standards and align with external auditor expectations to maximize the reliance strategy
Proactively solve challenges related to process design and training activities for the development and implementation of IT-related internal controls and SOX related topics at a global, enterprise level
Build and sustain trusted relationships with internal (IT, engineering, finance, legal, security) and external (co-source team and external audit) stakeholders - positioning audit as a strategic partner and enabler, not a hurdle
Train and up-skill the internal audit team, partners and stakeholder on IT and security trends, best practices, risks, and controls
Operational / Technology Advisory & Assurance Engagements
Beyond SOX, you'll help build a broader technology-focused advisory and assurance capability within Internal Audit - one that's proactive, risk-intelligent, data-driven and surfaces impactful insights to our enterprise partners.
Provide thought leadership and support the strategic design, development, and ongoing management of a technology and security-focused advisory and assurance program, rooted in sound frameworks and proven best practices
Partner with Internal Audit leadership and key stakeholders to develop and maintain a relevant audit universe, aligned to enterprise risk priorities such as cybersecurity, cloud, resilience, data governance, AI and emerging technologies
Design and execute all phases of assurance and advisory projects including planning, scoping, execution, documentation, issue management, reporting
Establish and maintain program governance, including tracking and reporting audit plan status, KPIs/metrics, and risk coverage
Monitor audit execution for timeliness, consistency, quality, and adherence to established methodologies and standards through the use of standardized tools, templates, and frameworks
Support the development of Audit Committee and executive‑level reporting, including audit plan progress, learnings and insights/opportunities, and emerging risk themes
Partner with the stakeholder/adjacent groups (e.g., GRC, IT, engineering, legal) that operate enterprise governance and compliance programs (e.g., SOC, Hitrust, FedRAMP, HIPAA, privacy) to identify opportunities for connected risk management and assurance activities
Collaborate with IT, product and engineering teams to educate and embed a "compliance and risk mitigation by design" mindset into how we build and ship products internally and externally
Continuously look for process efficiency and unwanted risk mitigation opportunities, leveraging deep data analytics skills to surface insights that go beyond financial reporting or surface-level symptoms
AI Innovation & Future-Forward Auditing
You'll play an integral role in designing and developing the next generation of internal audit advisory and assurance capabilities through automation and artificial intelligence.
Design, build and promote AI and other automation tools/capabilities within Internal Audit and across stakeholder functions, turning SOX and audit learnings and insights into operationalized innovative capabilities - e.g., building continuous monitoring capabilities, automating routine SOX compliance and audit activities, or automating manual operational controls
Stay ahead of emerging technology risks: GenAI governance, process automation risks, evolving regulatory requirements, AI in SOX compliance
Lead the transformation of Internal Audit''s capabilities and service offerings by advancing the integration of AI and automation into core audit activities
Executive Stakeholder Management
High-visibility communication is a core part of this role. You'll translate technical complexity into business relevance for leaders who need to act on it.
Prepare and deliver clear, high-impact findings/insights and strategic opportunities to senior leadership, support preparation of Audit Committee-level reporting
Serve as the primary IT Internal Audit liaison to co-source partners and external auditors - driving alignment on strategy, methodology, audit coverage, timelines and program status
Build durable partnerships across Finance, Engineering, Legal, Privacy, and Security - contributing to Internal Audit's role as a strategic business partner
Build and maintain a network of strong partnerships to build common ground for cooperation with key decision makers
What We're Looking For On Your Resume
Required:
Bachelor's degree in Accounting, Management Information Systems (MIS), Computer Science, or a related field
8+ years of progressive experience in IT SOX compliance, IT Internal Audit, or Risk Advisory in Big 4 (or similar) or in-house internal audit function
Proven experience designing, implementing, and managing IT SOX compliance and assurance programs, with deep, hands-on expertise in COSO, SOX 404, and PCAOB audit standards - you've lived this, not just studied it
Experience auditing cloud-native, SaaS environments and automated business applications and ERPs (e.g., NetSuite, Salesforce, Workday)
Track record of implementing or optimizing AI/automated compliance and audit capabilities/tools
Proven ability to inform and influence at the executive level - influence without authority
Experience working in GRC tools (like Auditboard/Optro), or building home-grown solutions
Technical Knowledge
Mastery of IT general controls (ITGCs), IT application controls, and key reports/interfaces in a SaaS environment
Fluency in key frameworks like COSO, COBIT, NIST CSF, ISO 27001/42001, SOC 1/SOC 2
Hands-on experience auditing - and strong understanding of - technology and cybersecurity risk domains, including cloud environments, application architecture, SDLC, CI/CD, data governance, IAM, and operational resilience
Demonstrated proficiency using AI tools (e.g., Claude or equivalent) to accelerate audit workflows and improve manual operations - including project management, evidence analysis, control testing, and documentation - while maintaining professional skepticism and exercising sound judgment on when AI assistance is and is not appropriate
High proficiency with audit tools and engineering platforms like AuditBoard/Optro, Jira, ServiceNow, GitHub, GitLab, and CI/CD platforms
Certifications (one of the following)
CISA
CIA
CISSP
Preferred:
Forward-looking - a strong differentiator for AI-era candidates:
What You Should Know About This Team
Our Team's Favorite Perks and Benefits
The Qualtrics Hybrid Work Model: Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader. These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation. For the rest of the week, work where you want, owning the integration of work and life. #hybrid
Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.
Applicants in the United States of America have rights under Federal Employment Laws:Family & Medical Leave Act, Equal Opportunity Employment, Employee Polygraph Protection Act
Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.
Not finding a role that's the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise! You''ll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.
For full-time positions, this pay range is for base per year; however, base pay offered within this range may vary depending on location, job-related knowledge, education, skills, and experience. A sign-on bonus and restricted stock units may be included in an employment offer. Full-time employees are eligible for medical, dental, vision, life and disability, 401(k) with match, paid time off, a wellness reimbursement, mental health benefits, and an experience bonus. For a detailed look at our benefits, visit Qualtrics US Benefits.
Washington State Base Annual Pay Transparency Range
$177,000-$192,000 USD