IT Auditor

ID: 2025-7460
Job Locations: US
Category: Technology
Type: Full Time

Overview

Position: IT Auditor

Location: Remote (HQ: Tustin, CA)

Pay: $115k to $145k

Disclaimer: Identity Verification checks are in place throughout the Candidate journey to prevent candidate fraud.

Position Summary:

New American Funding (NAF) is seeking an experienced IT Auditor to play a critical role in ensuring the integrity, confidentiality, and availability of our technology systems. This newly created position will lead and execute IT audits, assess control environments, drive compliance initiatives, and respond to internal and external IT audit requests.

The IT Auditor will bring a strategic, analytical mindset and a deep understanding of IT governance frameworks, risk management practices, and cybersecurity controls. This individual will report to the Sr. Director of Cybersecurity Services under the SVP of Technology Services and Chief Information Security Officer (CISO) and will be a key contributor to the enhancement of NAF's control environment.

Responsibilities

Duties and Responsibilities:

  • Lead Compliance & Controls Testing: Design, lead, and perform comprehensive IT control reviews and compliance testing aligned with regulatory and industry frameworks (e.g., SOC 2, NIST, NY DFS, CCPA/CPRA). Identify control weaknesses and recommend remediation strategies.
  • Audit Strategy & Execution: Collaborate with senior IT leadership and Governance teams to develop audit plans and testing strategies based on enterprise risk assessments. Lead high-impact audits across infrastructure, cloud, applications, and cybersecurity domains.
  • Controls & Risk Evaluation: Independently evaluate IT controls, including access management, change management, data protection, network security, business continuity, and disaster recovery. Provide insight into control maturity and operational risk exposure.
  • Technology & Evidence Review: Assess automated evidence gathered by NAF’s Next Gen GRC/IRM platform. Partner with control owners to validate effectiveness and drive continuous improvement in evidence quality and timeliness.
  • Reporting & Recommendations: Prepare executive-level audit reports that clearly articulate testing performed, risk exposure, control gaps, and actionable recommendations. Present findings to leadership and governance bodies.
  • Remediation Oversight: Guide and monitor the implementation of remediation plans, ensuring timely and effective resolution of identified issues. Conduct follow-up reviews to validate remediation efforts.
  • Risk Management: Support ongoing IT risk assessment efforts to identify areas of heightened risk. Recommend enhancements to control coverage and risk mitigation practices.
  • Stakeholder Engagement: Serve as a liaison between IT, business units, and external auditors. Ensure strong collaboration and alignment of controls testing across the organization.
  • Regulatory & Industry Expertise: Stay informed on emerging regulatory requirements, auditing standards, and technology trends. Interpret and apply requirements to improve NAF’s IT risk and compliance posture.
  • Mentorship & Leadership: Provide guidance and mentorship to future junior audit team members. Share knowledge and promote professional development within the team.
  • Process Optimization: Champion innovation in audit processes, including automation, data analytics, and risk-based methodologies to increase audit efficiency and effectiveness.

Qualifications

  • Deep understanding of IT governance, compliance, and risk management principles
  • Strong knowledge of frameworks and standards such as SOC 2, NIST CSF/800-53, CIS Controls, NY DFS, and CCPA/CPRA
  • Experience with IT GRC/IRM platforms (e.g., Archer, ServiceNow, OneTrust, or similar)
  • Familiarity with cloud environments (Azure, AWS, GCP) and modern IT infrastructures
  • Proven ability to adapt to rapidly changing technology landscapes and compliance requirements
  • Excellent analytical, problem-solving, and critical thinking skills
  • Strong interpersonal, written, and verbal communication abilities
  • Experience presenting to senior leadership and cross-functional teams

Education, Experience and Certification:

  • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field
  • Professional certifications preferred: CISA, CISSP, CRISC, CISM, CGRC (formerly CAP), CDPSE, CGEIT, CIA
  • Minimum 5-7 years of progressive experience in IT audit, IT risk management, cybersecurity, or compliance in a complex enterprise environment

Work Authorization: Must be able to verify identity and employment eligibility to work in the U.S.

Other Duties: This job profile is not intended to be an all-inclusive list of job duties and responsibilities, as one may perform additional related duties as assigned in order to meet the needs of the organization.

Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Must be able to lift up to ten pounds. Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a keyboard; and to verbally communicate to exchange information. VISION: See in the normal visual range with or without correction. HEARING: Hear in the normal audio range with or without correction.

[EOE/M/F/D/V. Drug-free workplace.]