Senior SOX Auditor - IT Controls

# Building the Future of Crypto Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology. **What makes us different?** Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world. Before you apply, please read the [Kraken Culture](https://www.kraken.com/culture) page to learn more about our internal culture, values, and mission. We also expect candidates to familiarize themselves with the Kraken app. Learn how to create a Kraken account [here](https://support.kraken.com/hc/en-us/articles/226090548-How-to-create-an-account-on-Kraken). As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to [industry-leading security](https://blog.kraken.com/crypto-education/security-at-kraken), [crypto education](https://blog.kraken.com/category/crypto-education), and [world-class client support](https://blog.kraken.com/crypto-education/support-at-kraken) through our products like [Kraken Pro](https://pro.kraken.com/), [Desktop](https://www.kraken.com/desktop), [Wallet](https://www.kraken.com/wallet), and [Kraken Futures](https://www.kraken.com/features/futures). **Become a Krakenite and build the future of crypto!**

### ITGC SOX controls testing - Lead the execution of independent testing of IT General Controls (ITGCs) across key control domains: access management, change management, and system operations. - Evaluate the design and operating effectiveness of IT controls across in-scope applications and infrastructure, including systems that support blockchain-native operations, digital asset custody, and crypto trading platforms. Document testing procedures and results to meet Internal Audit and external auditor quality standards. - Identify new systems, applications, or process changes that emerge during testing and assess their SOX implications in coordination with the SOX Compliance team. - Build and maintain testing programs, templates, and workpapers that create a repeatable, scalable foundation for IT SOX testing. - Identify opportunities to leverage AI-enabled workflows and data analytics to improve testing coverage and efficiency across IT control domains. ### Remediation validation & issue management - Independently validate the remediation of open SOX findings, including material weaknesses and significant deficiencies, across ITGC control areas. - Evaluate control deficiencies by performing root cause analysis and assessing the severity and pervasiveness of exceptions to inform deficiency classification. - Assess whether management’s remediation actions are adequately designed and operating effectively before closing findings. - Track remediation progress, escalate delays or gaps, and report status to Internal Audit leadership and the Audit Committee as required. - Coordinate with the SOX Compliance team to ensure alignment on remediation expectations, timelines, and evidence requirements. ### Stakeholder engagement & reporting - Serve as a trusted Internal Audit point of contact for IT control owners across Engineering, Infrastructure, Security, and IT Operations. Bridge the gap between audit methodology and engineering culture — these teams speak a different language than accountants, and you need to be fluent in both. - Contribute to Internal Audit reporting to the Audit Committee, external auditor, and senior leadership on IT SOX testing coverage, findings, and remediation status. - Partner with the business process SOX tester and co-sourced resources to ensure coordinated testing coverage across the full SOX program.

### Skills you should HODL - 8+ years of experience in IT audit, internal audit, external audit, or SOX compliance, with significant exposure to IT general controls testing. - Experience in crypto, fintech, payments, or technology-intensive environments with complex, rapidly evolving infrastructure. - CISA and CPA certifications required. Candidates with one certification who are actively pursuing the other will be considered. - Strong knowledge of ITGC frameworks, SOX compliance requirements, COSO, COBIT, and PCAOB auditing standards as they apply to IT controls. - Hands-on experience testing ITGCs across access management, change management, and system operations. - Technical fluency with enterprise technology environments — you don’t need to be an engineer, but you need to understand how systems, databases, and deployment pipelines work to effectively test the controls around them. - Understanding of how IT controls underpin the reliability of financial reporting — you can connect an ITGC failure to its downstream impact on business process controls and the financial statements. - Experience working with or alongside external auditors (Big 4 preferred) on SOX engagements. - Experience operating across multi-entity structures or multiple jurisdictions. - Effective communicator who can translate technical IT audit findings for control owners, engineering teams, senior leadership, and external stakeholders.

Kraken (legally Payward, Inc.) is a US-based cryptocurrency exchange that facilitates trading of cryptocurrencies, stocks, futures, and ETFs in most US states. It serves over 10 million clients worldwide with $207 billion in quarterly trading volume and has expanded to tokenized equities for non-US customers.