Senior Technology Audit Analyst
Teamwork makes the stream work.
Roku is changing how the world watches TV
Roku is the #1 TV streaming platform in the US, and we've set our sights on powering every television in the world. Roku pioneered streaming to the TV. Our mission is to be the TV streaming platform that connects the entire TV ecosystem. We connect consumers to the content they love, enable content publishers to build and monetize large audiences, and provide advertisers unique capabilities to engage consumers.
From your first day at Roku, you'll make a valuable - and valued - contribution. We're a fast-growing public company where no one is a bystander. We offer you the opportunity to delight millions of TV streamers around the world while gaining meaningful experience across a variety of disciplines.
Roku is looking for an experienced Senior Technology Audit Analyst to be part of our growing Internal Audit (IA) team. Reporting to the Director of Internal Audit, this individual will play a critical role in supporting the IT SOX compliance program, driving cybersecurity and technology risk related audits, and serving as a technology risk and compliance advisor to key engineering stakeholders. This individual must possess thorough knowledge of technology and cybersecurity controls in line with regulatory and other compliance requirements, great attention to detail, and the ability to manage multiple time-sensitive deliverables across a highly matrixed organization. We are looking for a high-energy, hands-on individual who can work independently and cooperatively with other teams to address technology compliance requirements and scale the internal audit department as the company grows.
For California Only - The estimated annual salary for this position is between $140,000 and $148,000 annually.
Compensation packages are based on factors unique to each candidate, including but not limited to skill set, certifications, and specific geographical location.
This role is eligible for health insurance, equity awards, life insurance, disability benefits, parental leave, wellness benefits, and paid time off.
What you’ll be doing
- Partner with Roku’s Engineering, Trust Engineering, and Product Management teams to plan, scope, and evaluate the design and effectiveness of the company’s IT controls and lead technology audit efforts
- Research and keep abreast of organizational policies and processes, and new guidance, publications, and standards
- Support the overall delivery and scaling of the technology SOX audit. Identify, evaluate, and document the design and effectiveness of the IT general controls, application controls, and key reports looking for both control gaps and opportunities to gain process efficiencies
- Manage and deliver on various technology operations audits, system implementation reviews, and regulatory assessments (SOX, SOC 1, SOC 2, PCI, FedRAMP, GDPR, etc.) and applicable advisory initiatives with full involvement in planning, fieldwork and reporting
- Conduct information security related assessments to cover domains like User Access, Network, OS and Application Security, Encryption, Backup Management, Disaster Recovery, etc.
- Stay abreast of security trends, emerging technologies, and cybersecurity field developments
- Represent internal audit as a subject matter cybersecurity expert and trusted advisor to engineering stakeholders on key technology risk areas including enterprise security, privacy, IT governance and compliance, IT infrastructure and operations
- Evaluate control deficiencies for impact and perform root cause analysis to determine appropriate management remediation actions
- Monitor management’s remediation efforts to closure, including review of supporting evidence and retesting
- Collaborate closely with co-sourced internal audit, external audit, control and process owners and executive management on IT SOX assurance program and deliverables
- Utilize data analytics and automation techniques, perform benchmarking activities, and support other initiatives to shape innovative strategies for internal controls testing, risk assessment, and continuous auditing/monitoring
- Prepare accurate, detailed workpapers and reports while ensuring overall quality, consistency, and compliance with department and professional standards for audits
- Prepare quarterly audit committee meetings presentations, newsletters, and other supporting documents, as needed
We’re excited if you have
- 4 to 6 years of relevant technology audit experience, preferably in a Big Four firm and/or large global public company internal audit
- Bachelor's degree in Information Technology, Computer Science, Information Systems, Engineering or equivalent
- Professional certification CISA, CISSP preferred. CPA, CIA, and/or CFE a plus
- Experience in one or more of the following technology audit areas: IT general controls, security compliance controls, network and infrastructure audits, business process automated controls, system implementation reviews, robotic automation, data analytics, key reports testing or similar
- Strong working knowledge of cyber security standards (ISO 27001), governance frameworks (COBIT, NIST) and regulatory compliance (SOX, SOC2, GDPR, PCI-DSS, etc.)
- Experience with designing and evaluating IT and security controls for cloud environments such as AWS, MS Azure, Google Cloud, Oracle Cloud, etc. Cloud certifications (GCP, AWS) preferred
- Experience operating in high-growth, entrepreneurial environments preferably related to technology, media/entertainment, or advertising
- Highly motivated, proactive, with strong leadership, interpersonal and project management skills to multitask and ability to interact with all levels of management and work with minimum supervision
- Ability to travel domestically and internationally up to 15%
- Master’s degree in Computer Science, Information Systems, Cybersecurity, Accounting or equivalent
- Experience in Media/Ad tech companies a plus
- Fundamental understanding of finance and business processes including quote to cash, procure to pay, financial close, hire to pay, etc. is highly desired
- Experience in auditing lead SaaS solutions including Oracle Cloud, NetSuite, Salesforce, Workday, etc. and knowledge of GRC tools like Auditboard is a plus
- Ability to thrive in a fast-paced environment and to work independently and within a team. Ability to learn quickly and adapt to an always-evolving media/entertainment industry
The Roku Culture
Roku is a great place for people who want to work in a fast-paced environment where everyone is focused on the company's success rather than their own. We try to surround ourselves with people who are great at their jobs, who are easy to work with, and who keep their egos in check. We appreciate a sense of humor. We believe a fewer number of very talented folks can do more for less cost than a larger number of less talented teams. We’re independent thinkers with big ideas who act boldly, move fast and accomplish extraordinary things through collaboration and trust. In short, at Roku you'll be part of a company that's changing how the world watches TV.
We have a unique culture that we are proud of. We think of ourselves primarily as problem-solvers, which itself is a two-part idea. We come up with the solution, but the solution isn't real until it is built and delivered to the customer. That penchant for action gives us a pragmatic approach to innovation, one that has served us well since 2002.
To learn more about Roku, our global footprint, and how we've grown, visit https://www.weareroku.com/factsheet.