What are the responsibilities and job description for the Technology Audit Manager position at Invitae?
Technology Audit Manager
About the role:
Invitae is a rapidly-growing, technology-driven company whose mission is to bring comprehensive genetic information into mainstream medical practice to improve the quality of healthcare for billions of people. We are committed to protecting the data and privacy of our customers and employees. The Internal Audit function will play a critical role in scaling the organization, ensuring that security and privacy commitments are met, and building an environment of effective and scalable internal controls. The initial focus of this position is on assessing our cloud-based and internally developed IT architecture to ensure compliance with standards such as SOX, FDA, HIPAA and HITRUST.
As Technology Audit Manager, you will be responsible for assessing an evolving, cloud-focused application architecture and identifying critical risks and areas for improvement. You will be a part of a team delivering an innovative assurance and consulting approach that aligns with the fast-paced, dynamic environment of Invitae.
Who you are:
- You are a self-motivated, inquisitive thinker with the ability to connect information and challenge the status quo to find innovative solutions
- You bring a positive attitude to work and run effective meetings, leaving people feeling energized and with a clear direction
- You enjoy working with business process owners across the company to assist in the assessment and improvement of their processes
- You have the flexibility to adapt to changing direction and priorities, thrive in a fast-paced environment, excel at managing multiple priorities, succeed in communicating with all levels within the organization and make an immediate contribution
- You are comfortable working in a flexible, non-traditional environment. You can differentiate between a process that is different and one that creates risk, and can clearly articulate the risk. You have moral courage to defend your position when you see significant issues and risk
What You’ll Do (Primary Areas of Responsibility):
- As an Internal Audit Manager, you will be a part of a growing team delivering an innovative assurance and consulting approach that enables the fast-paced, dynamic environment at Invitae
- You will assess Enterprise IT and Development Risk. A critical part of this includes the ability to articulate technology risk in business terms
- You will have an opportunity to transform the IT SOX Audit Program, aligning our internal controls with our risk and streamlining efforts to achieve and maintain compliance
- Manage technology risk associated with M&A activities. Invitae has recently acquired companies and assets and may continue to do so in the future. You will help to assess the risk associated with the technology assets and facilitate the implementation of controls around assets and processes
- Help implement, manage and test Oracle Cloud ERP Controls. As Invitae goes live on Oracle Cloud and integrates its M&A assets to Oracle Cloud, you will help ensure an appropriate level of controls to mitigate business risk
- Audit Invitae Cloud internally developed architecture. You will work with developers to understand and assess Invitae’s internally developed systems to ensure an appropriate level of security and control to meet appropriate regulations including HIPAA, ISO27001 and SOX
- Assess the scalability of technology supporting Invitae’s critical processes
- Act as technology liaison between Invitae’s external auditor, our Information Security Team and our Development Teams
- Be comfortable working with a cloud-based, AWS, microservices environment
- Familiarity with technology such as Okta, Splunk, GitHub, Kubernetes and Docker is a plus
- You will conduct internal process and risk reviews, brainstorming to design innovative solutions, assessing effectiveness of controls, applying critical thinking and analysis, and communicating risks to internal stakeholders
- You will manage the technology portion of the SOX effort, creating tasks and milestones, assigning resources and driving positive and measurable outcomes
Requirements:
- This position is located in our San Francisco office, though you will initially be working remotely. You must have the ability to work from home and may later be asked to travel up to 10% of the time
- 5+ years of Technology, Security, Compliance, Internal Audit, or equivalent business experience
- Experience working with external auditors. Big-4 experience is a plus
- Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), or similar certification is a plus
- Experience with, and a solid understanding of, business and IT processes, including IT general computer controls, application controls and segregation of duties (SOD) controls
- Familiarity with Service Organization Controls (SOC) reports and other third-party attestations
- Knowledge and experience evaluating, testing and reviewing internal controls over financial reporting (ICFR)
- ERP controls knowledge. Familiarity with Oracle Cloud and Risk Management Cloud (RMC) is a plus
- Ability to work in a flexible, non-traditional environment
- Personality that unites people
- Ability to see the big picture and discern risk from distraction
- Capability to manage external resources and eventually direct reports
- Experience working in a fast-paced, high-growth environment