Senior Auditor - IT, cybersecurity & infrastructure

WHO YOU ARE:

You are a well-rounded internal auditor with a strong foundation in IT General Controls (ITGC), cybersecurity, and infrastructure risk. You’ve led IT-focused audits, but you also enjoy contributing to integrated audits that touch finance, operations, and compliance. You ask smart questions, connect the dots across systems and processes, and never lose sight of the bigger picture. You’re comfortable working with engineers and business leaders alike — translating technical issues into practical risk insights. You care about helping others grow, and you’re confident mentoring junior auditors to raise the quality of control testing. You thrive in fast-paced environments, enjoy variety in your audit work, and take pride in being both detail-oriented and adaptable.

WHAT YOU’LL DO:
You will be responsible for working with leadership to plan, execute, and deliver outcomes. 

• Lead ITGC audit efforts across domains like user access, change management, backup, and segregation of duties.
• Provide coaching, review, and oversight to junior auditors executing ITGC testing.
• Collaborate with engineering, legal, and business units to review risks in APIs, digital platforms, and third-party services.
• Conduct and document walkthroughs, control testing, and remediation tracking aligned to audit standards.
• Support SOC 2 readiness assessments, including control evaluation against Trust Services Criteria.
• Evaluate cybersecurity, privacy, and infrastructure risks, including in cloud-native platforms (AWS, GCP).
• Participate in integrated audits that include financial, operational, and compliance components — even outside your core expertise.
• Help build audit procedures that link business processes to IT risks and technical control testing.
• Review API integrations, CI/CD pipelines, and DevOps practices for control coverage and potential gaps.
• Contribute to audit automation and data-driven testing efforts, including use of tools like SQL, Python, or Excel.
• Communicate audit results, risks, and recommendations clearly to stakeholders at multiple levels.

WHAT YOU’LL NEED:

• Bachelor’s degree in Information Systems, Accounting, Finance, Engineering, or a related field.
• 5–8 years of progressive experience in internal audit or IT risk, including leading ITGC audits.
• Demonstrated ability to mentor junior auditors and ensure quality execution of control testing.
• Strong working knowledge of:
  • ITGC domains: access controls, change management, backups, SDLC
  • Cloud environments (AWS, GCP, Azure): IAM, encryption, monitoring
  • DevOps / CI-CD practices, third-party risk, and infrastructure security
  • Identity and access management (IAM)
  • Logging and monitoring
  • Vulnerability management
  • Encryption and backup
• Familiarity with one or more frameworks: SOC 2, NIST CSF, ISO 27001, HIPAA, CCPA
• Experience participating in multi-disciplinary audits (e.g., combining financial and IT testing)
• Experience in working with or auditing security, DevOps, or engineering teams is strongly preferred.
• High-quality documentation and communication skills, including audit reporting and issue articulation.
• Proficiency with Microsoft Excel; experience with SQL, Python, Tableau, or GRC platforms is a plus.
• PROFESSIONAL CERTIFICATIONS (One or more preferred):
  • CISA – Certified Information Systems Auditor
  • CISSP – Certified Information Systems Security Professional
  • CCSK – Certificate of Cloud Security Knowledge
  • CIPP/US – Certified Information Privacy Professional – U.S.
  • CRISC – Certified in Risk and Information Systems Control

WHAT’S IN IT FOR YOU?

We’re looking for the best and brightest innovators in the industry to join our team. At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability.

#LI-UM1