Senior IT Audit & Assurance Analyst

At Abrigo, we provide market-leading compliance, credit risk and lending software solutions that financial institutions use to manage risk and drive growth. Our solutions automate key processes and allow our customers to maintain compliance, fight financial crime, process loans quicker, and leverage data to strengthen their portfolio.Abrigo is seeking a Senior IT Audit & Assurance Analyst to join our IT Risk & Assurance team, leading the execution of SOC audit engagements, IT internal audit coordination, IT internal control testing and monitoring, and risk assessment activities for a fast-paced fintech SaaS company serving community financial institutions nationwide.This position is remote-primary based in Raleigh, NC, with quarterly on-site team engagements (three days each) and periodic on-site visits during external audit fieldwork (up to three weeks annually). This role reports to leadership within the IT Risk & Assurance Team, within an organization that operates under a security-first model under the Chief Information Security Officer.What You’ll Do:SOC & External Audit Engagement Management:Serve as a primary point of contact for external audit firms conducting enterprise SOC 1 and SOC 2 audit engagements, managing the engagement lifecycle from annual renewal and kickoff through final report issuanceManage ad-hoc SOC 1 and SOC 2 audit engagements for newly acquired products not yet in scope of the enterprise SOC reportsCoordinate document requests, evidence collection timelines, and walkthrough scheduling with internal control owners across the organizationEvaluate audit artifacts for completeness and accuracy before submission to external auditorsCommunicate preliminary audit findings to management and assist in drafting management responsesIT Internal Audit Coordination:Serve as the primary liaison with the external IT internal audit firm, managing document requests, walkthrough scheduling, and audit status reporting for audits aligned with FFIEC IT Handbook standardsPerform walkthroughs with product teams and internal control owners to assess the IT internal control environment and recommend IT internal controls based on SOC and IT internal audit requirementsProactively identify control gaps and recommend remediation strategies to control ownersRisk Finding Management & Control Monitoring:Own the full lifecycle of the IT risk finding register, from opening findings through remediation closure, including escalation of overdue findings to managementDocument and process risk acceptance based on control owner feedbackPerform ongoing monitoring of specific IT internal controls to ensure SOC and IT internal audit readiness throughout the yearPerform periodic IT internal control testing to validate control design and operating effectivenessConduct periodic risk finding reviews to verify findings were closed appropriately with supporting remediation evidenceRisk Assessments & Policy Coordination:Lead annual updates to IT risk assessments, including the FFIEC Cybersecurity Assessment Tool (CAT), NIST CSF control mappings, and CIS Controls risk assessmentsLead the annual business impact analysis update, evaluating likelihood and impact of potential disruptions to the technology environmentCoordinate the annual policy update cycle with policy owners, including documenting changes, presenting to the IT Steering Committee, and coordinating management and Board approvalPerform additional IT risk and assurance duties as assigned to support the team's evolving needs What You’ll Need:Bachelor's degree in Information Systems, Accounting, Computer Science, or related discipline; equivalent professional experience may be substituted in lieu of a degree3–6 years of experience in IT audit, IT risk, or IT compliance, such as advisory services at a CPA or consulting firm, IT internal audit at a financial institution, or GRC at a technology companyHands-on experience managing or significantly contributing to SOC 1/SOC 2 audit engagements, including evidence collection and walkthrough coordinationWorking knowledge of IT general controls and their application to SOC trust services criteria and/or FFIEC IT Handbook examination standardsDemonstrated experience performing IT internal control testing and evaluating control effectivenessExperience maintaining risk finding registers and managing risk remediation lifecyclesFamiliarity with IT risk assessment frameworks such as FFIEC CAT, NIST CSF, or CIS ControlsStrong written and verbal communication skills with the ability to interact effectively with external auditors, internal control owners, and managementStrong organizational skills and the ability to independently manage multiple audit and assurance workstreams in a remote-first environmentMust be available for quarterly on-site team engagements in Raleigh, NC and periodic on-site visits during external audit fieldworkPreferred:CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control)Experience in the financial services, banking, or fintech industryExperience with FFIEC regulatory examinations or bank/credit union technology audit programsExperience with SaaS/cloud environments (AWS, Azure) and understanding of shared responsibility modelsExperience coordinating with outsourced or co-sourced internal audit functions What You’ll Get:Market competitive total rewards packageTo be part of the Heart & SOUL of a winning company with an inspiring missionThe opportunity to Make Big Things HappenCompetitive salary along with full health benefits with an HSA optionFlexible PTO and bank holidays401(k) plan and company matchWe are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, age, genetic trait, sexual orientation, national origin, disability status, or any other characteristic protected by law. Abrigo is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at careers@abrigo.com with the subject line accommodation.