Are you a tech savvy IT and risk assurance professional who is looking for a challenge in an exciting, fast-growing company? Spotify is looking for an IT Internal Audit Manager for our growing Internal Audit team. Does this sound like you? If so – we’d love to talk to you!
The IT Internal Audit team is a part of our Internal Audit function and is one of the main stakeholders in Spotify’s management of risks related to technology, information and processes. Our function excels and thrives in cross-functional collaboration and works closely with a diverse range of people within the IT, finance, product development, security, infrastructure/operation, payment and legal teams. Your primary responsibilities are to assess compliance with relevant regulatory frameworks, performing internal audits on identified areas and being a point of contact risk-related questions. Above all, your work will impact the way the world experiences music.
What you’ll do
- Responsible for assessing and prioritizing the technology risks within Spotify as it relates to financial reporting.
- Participate in ongoing enterprise risk assessment process and assist in developing and executing on Spotify’s audit plan.
- Perform internal testing on systems and data processing focusing on IT General Controls and application controls, and make recommendations to ensure the adequacy and effectiveness of the processes and controls.
- Work with our external auditors as well as other external parties for independent security audits. Recommend improvements to processes and controls and help stakeholders develop a plan to address issues raised in internal and external audits.
- Perform assessments and coach teams related to regulatory requirements such as General Data Protection Regulation (GDPR).
- Collaborate very closely with Spotify’s finance and IT teams and align internal control initiatives.
- Coordinate with other risk management functions (e.g., Legal, Information Security) to minimize duplication of effort and to ensure efficient execution.
- Continuously improve our ability to mitigate risks throughout the company and come up with recommendation on how to integrate controls as part of daily operations.
Who you are
You love working in fast-changing environments and change management comes natural to you. You are a proactive and structured problem-solver and collaborate well in geographically-diverse teams. You don’t mind rolling up your sleeves and getting into the details but can also operate on a strategic level.
- You have significant experience with IT risk, governance and compliance. Experience from the Big 4 accounting firms and/or internet/tech companies is a strong plus.
- You must have recent experience with Sarbanes-Oxley and significant experience working with internal control frameworks, including testing and evaluating the design and operating effectiveness of IT general controls and how that impacts the business process controls.
- Experience in auditing cloud based corporate systems (e.g., Netsuite and Salesforce) is a must.
- You have experience with information-security related work (e.g. implemented and/or conducted audits on relevant security frameworks), and have experience with security standards such as SOC1, SOC2 and PCI DSS.
- CISA, CISM, CISSP or CIA and other relevant professional certifications are a merit.
- A persuasive and credible communicator who earns the trust of developers, engineers, business process owners and senior management.
- Problem solving skills that demonstrate logical thinking to reach a solution
- Excellent collaborator: deep experience working with others to find solutions to complex problems.
We are proud to foster a workplace free from discrimination. We strongly believe that diversity of experience, perspectives, and background will lead to a better environment for our employees and a better product for our users and our creators. This is something we value deeply and we encourage everyone to come be a part of changing the way the world listens to music.