IT Audit Subject Matter Expert

Overview

Design the future of AI-powered auditing. We're building an intelligent platform that transforms how auditors conduct audits and assessments, create reports, find and fix inconsistencies, and perform controls testing.

Join us in creating intuitive interfaces for complex B2B workflows where AI agents work alongside human experts.

What you will do

• Translate SOC 1, SOC 2, ISO 27001, ISO 27701, and PCI DSS requirements into detailed specifications for our automation platform and AI agents.

• Partner with engineering to design and validate automated audit workflows that meet AICPA, ISO, and PCI SSC professional standards and produce report-ready evidence.

• Review and approve product features before release to confirm they reflect current auditing best practices.

• Interface directly with auditors and customer compliance teams on methodology, control validation, sampling, and evidence sufficiency.

• Support Customer Success across the full lifecycle — auditor demos and onboarding, audit-cycle support, and multi-framework expansion.

• Track regulatory and standards changes (AICPA, ISO, PCI SSC) and ensure the platform stays ahead of them.

You should have

• Eight or more years of hands-on IT audit experience, including time at a Big Four firm or another recognized public accounting / advisory practice running SOC and ISO engagements at scale.

• Experience leading SOC 1 and SOC 2 Type 1 and Type 2 engagements end-to-end — scoping, walkthroughs, control testing, evidence evaluation, and reporting.

• Current technical depth in ISO 27001 and ISO 27701 controls, Statement of Applicability, and surveillance/recertification procedures.

• Working knowledge of PCI DSS scoping, control testing, and ROC/SAQ workflows.

• A demonstrated ability to translate compliance requirements into technical specifications engineers can implement without ambiguity.

• Active, hands-on use of AI tools — Claude Code, Cowork, and similar — as idea partners to explore and pressure-test product ideas, run data analyses, and accelerate your own work.

• CISA, ISO 27001 Lead Auditor or Lead Implementer, or equivalent credentials.

• Excellent written and spoken English, with the range to move between auditor, engineer, and executive audiences.

• Comfort working remotely with overlap into U.S. business hours.

• A bachelor's or advanced degree in information security, cybersecurity, computer science, accounting, or a related field.

Nice to have

• QSA designation or hands-on PCI DSS assessment experience.

• Familiarity with HIPAA, HITRUST, NIST CSF, ISO 31000, GDPR, India DPDP Act, or other industry-specific frameworks.

• Experience evaluating, implementing, or building GRC platforms, audit management tools, or compliance automation products from an auditor's point of view.

• Working understanding of APIs, cloud infrastructure (AWS, Azure, GCP), SaaS architectures, and how modern engineering teams actually operate the controls auditors test.

• Exposure to how AI and machine learning can enhance audit procedures, sampling, and evidence collection.

• Prior experience training other auditors or compliance practitioners on new methodologies or technology.

• Track record of speaking, writing, or otherwise contributing to the IT audit community.

Interested in joining our team? Fill out the form and let’s connect!