The RealReal
Manager, Audit Technology Risk
The RealReal, San Francisco, California, United States, 94199
About The Role
We are looking to hire a Manager to help lead and build the Technology Risk function of the Internal Audit Team. The Manager will report to the Vice President, Head of Internal Audit, and will work with other risk functions to develop an integrated risk and controls program to mitigate existing and emerging risks. This individual will own and be responsible for assessing risk and developing mitigation strategies within TRR's business processes, financial systems and engineering environment as it relates to operational risk and internal controls over financial reporting, and will serve as our IT SOX PMO.
This role will work closely with internal and external partners, interacting on a day-to-day basis with department heads across technology, finance and operations teams to execute ongoing risk assessments and risk mitigation activities in a highly complex marketplace environment. This role will also be responsible for the overall management of the IT SOX and IT Audit program. The successful applicant is a builder and will have extensive marketplace, financial systems, engineering, internal controls and Enterprise Risk Management experience.
What you get to do every day
Lead and own all phases of the Company's IT Audit and IT internal controls program from planning through reporting
As a technical subject matter expert, lead risk-based operational audits including risk assessments, business and IT operational process reviews, integrated audits and system implementation reviews related to technology risks, including cloud, cybersecurity and privacy risks
Lead reviews of new and enhanced products, supporting systems, process changes, system architecture and implementations
Serve as a risk advisor to assess new products, systems, databases or changes to existing processes to identify financial and operational risks before launch, providing recommendations for improvement
Work cross-functionally with engineering and security teams, offering IT controls expertise and testing controls to ensure compliance with information security and privacy requirements
Understand applicable laws and regulations to provide a point of view on regulatory requirements and risks related to information security and privacy controls
Coordinate SOX program testing IT controls with co-sourced team, external audit IT team members, control owners, managers and executive management
Lead benchmarking and other initiatives to improve controls, make processes more efficient, effective, and/or reduce cycle time for SOX IT compliance
Own relationships with key partners as their risk advisor on internal controls and process efficiencies, providing insight and direction in regards to financial and operational risk
Continuously help improve the company's ability to mitigate risks and develop recommendations on how to integrate controls as part of daily operations
What you bring to the role
Minimum Requirements:
B.A. or B.S. in Information Technology, Information Systems, Accounting, Finance, or related required.
Minimum of five (5) years of experience in IT Audit, Information Security Risk Management, IT Compliance, IT Internal Audit or related experience
Experience working with Engineering and Product organizations is a must
Consulting experience providing IT audit services is highly preferred
Platform marketplace industry experience is highly preferred
Experience working in a co-sourced environment is highly preferred
Knowledge and experience with Sarbanes-Oxley, evaluating the design and effectiveness of processes and controls over system development/change management, logical and physical access, data integrity/accuracy/completeness, as well as IT infrastructure security.
Extensive knowledge of internal control and compliance frameworks (specifically COSO, COBIT, NIST, SOX, SOC 2 and ISO 27001) and hands-on experience applying the frameworks to design controls that are operationally effective across multiple compliance programs in cloud-based IT environments
Preferred Requirements:
Big 4 Public Accounting experience with Fortune 500 clients
Experience with internal audit GRC tools, i.e. Auditboard
CPA, CIA, CISA, or other relevant professional certification (or actively working towards achieving certification)
Experience testing GITC, ITAC, Key Reports, Cybersecurity and privacy
Project/audit management experience
Experience communicating audit requirements and results to process and control owners
Experience with Google Business Suite
Compensation, Benefits, + Perks
Employee Stock Purchase Plan
401K with Company Match
Medical, Dental & Vision Insurance
Paid Parental Leave
Unlimited Discretionary Time Off (DTO)* and 10 Paid Company Holidays
* Unlimited DTO with Manager approval
Find out more about our Benefits here.
The expected salary range for this role is $133,722.00-$140,760.00. To determine starting pay we carefully consider a variety of factors, including primary work location and an evaluation of a candidate's skills, experience, market demands, and internal parity. Additionally, salary is just one component of TRR's total rewards package. Depending on role, employees may also be eligible for a bonus program, incentive pay and benefits.
The RealReal is the world's largest online marketplace for authenticated, resale luxury goods, with more than 30 million members. With a rigorous authentication process overseen by experts, The RealReal provides a safe and reliable platform for consumers to buy and sell their luxury items. We have hundreds of in-house gemologists, horologists and brand authenticators who inspect thousands of items each day. As a sustainable company, we give new life to pieces by thousands of brands across numerous categories (including women's and men's fashion, fine jewelry and watches, art and home) in support of the circular economy. We make selling effortless with free virtual appointments, in-home pickup, drop-off and direct shipping. We do all of the work for consignors, including authenticating, using AI and machine learning to determine optimal pricing, photographing and listing their items, as well as handling shipping and customer service. At our 13 retail locations, including our twelve shoppable stores, customers can sell, meet with our experts and receive free valuations.
The RealReal is committed to providing an equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or Veteran status. We will consider qualified applicants for a position regardless of arrest or conviction records. At TRR, People Come First. That's why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our Diversity Equity and Inclusion program here.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear. The employee is occasionally required to stand; walk; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl; and taste or smell. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.