Technology Audit Manager

About the role 

Roku is seeking a Technology Audit Manager to join its Finance & IT Compliance team. This role will lead and evolve Roku’s technology SOX compliance program, partnering closely with Engineering, Security, Product, and Finance teams to ensure scalable, high-quality controls across a rapidly growing and complex engineering environment. 

You will operate at the intersection of audit, technology, and automation, overseeing internal controls across enterprise systems, cloud infrastructure, data platforms, and cybersecurity. You will also drive controls-by-design for system implementations and business process transformations A key priority for this role is modernizing the IT SOX program through AI-powered automation and continuous auditing to improve precision, coverage, and efficiency. 

This is a high-impact, hands-on role for a proactive and driven professional who excels in fast-paced environments, collaborates effectively across teams, and brings the vision and execution focus to scale and modernize the compliance function alongside company growth. The ideal candidate brings strong experience in IT SOX and technology audits, along with a builder mindset, the ability to navigate ambiguity, and a track record of influencing cross-functional stakeholders. You should be equally comfortable diving into control details, partnering with engineering teams on system design, and driving strategic initiatives that enhance the overall control environment. 

For California Only - The estimated annual salary for this position is between $187,000 and 192,000 annually. Compensation packages are based on factors unique to each candidate, including but not limited to skill set, certifications, and specific geographical location. This role is eligible for health insurance, equity awards, life insurance, disability benefits, parental leave, wellness benefits, and paid time off. 

 

What you’ll be doing 

• Lead and oversee the company’s technology SOX compliance program, evaluating the design and operating effectiveness of IT general controls, automated controls, and key reports supporting financial reporting 
• Maintain a deep understanding of the organization’s end-to-end technology ecosystem and its impact on financial reporting, staying current on system changes, policies, regulatory guidance, and industry best practices 
• Own audit oversight for system implementations, technology transformations, and process automation initiatives, partnering cross-functionally to ensure controls-by-design, strong SDLC governance, and scalable SOX-readiness from pre-go-live through post-implementation 
• Lead cloud infrastructure audits across AWS and GCP environments, assessing controls over access management, network security, encryption, logging and monitoring, configuration management, and data residency; evaluate cloud-native security tools and drive control maturity 
• Drive AI-powered automation of internal controls testing by integrating with IAM platforms (e.g., Okta, AWS IAM) and GitLab to continuously monitor access risks, code changes, and CI/CD controls; leverage AI/ML and automation to detect anomalies and generate audit-ready evidence that enables continuous auditing and improves precision, coverage, and efficiency 
• Establish and maintain an AI controls automation governance framework, including model validation standards, quality thresholds, and human-in-the-loop checkpoints to ensure accuracy, auditability, and regulatory defensibility 
• Assess control deficiencies, perform root cause analysis, and drive remediation efforts to closure, including validation and re-testing of corrective actions 
• Coordinate with co-sourcing partners, external auditors, and control owners to ensure cohesive execution; act as a trusted advisor by anticipating stakeholder needs and delivering actionable insights 
• Prepare and review audit workpapers, reports, ensuring compliance with professional standards and delivering clear, data-driven insights 

 

We’re excited if you have 

• 6–8+ years of relevant technology audit and IT SOX compliance experience, ideally combining Big 4 public accounting and in-house internal audit/SOX roles at a fast-paced public technology company 
• Bachelor’s degree in computer science, Information Systems, Finance, Accounting, or related field 
• Professional certifications such as CISA, CISSP, or CISM preferred; additional certifications (CPA, CIA, CFE) are a plus 
• Strong experience across technology audit domains, including IT general controls (ITGCs), automated controls (ITACs), cloud infrastructure, data engineering, DevOps processes, cybersecurity, system implementations, and business process automation 
• Hands-on experience designing and evaluating IT general and security controls in cloud environments (AWS, GCP); cloud certifications are highly desirable  
• Experience auditing or supporting enterprise platforms (e.g., NetSuite, Salesforce, Workday) and modern engineering environments (e.g., GitHub, CI/CD pipelines) 
• Solid understanding of SOX and broader compliance frameworks (SOC 1/2, GDPR, PCI-DSS) and security/governance standards (ISO 27001, COBIT, NIST) 
• Experience operating in high-growth, fast-paced environments, with the ability to scale processes and controls alongside business expansion 
• Strong leadership, communication, and project management skills, with the ability to collaborate effectively across technical and business teams 
• Self-driven and proactive, with the ability to manage multiple priorities and deliver high-quality results with minimal supervision 

 

Extra Credit 

• Master's degree in finance, accounting, computer science, IT, or related field  
• Strong understanding of finance and business processes, including quote-to-cash, revenue recognition, procure-to-pay, HR operations, and payroll 
• Hands-on experience with automation, AI, and analytics tools to drive audit efficiency and insights. Familiarity with GRC tools like Auditboard is a plus 
• Experience with identity and access management (IAM) and governance tools (e.g., Okta, SailPoint, CyberArk), including user access reviews (UAR), role design, and segregation of duties (SoD) analysis 
• Proven ability to quickly learn and adapt to evolving emerging technologies, including AI, cloud, payments, data platforms, and modern engineering environments, within the media & entertainment industry 

#LI-RR1