Sr. Security Compliance Specialist - SOX, SOC

What Youll Do
Avalara is looking for a Security controls specialist to join our team, reporting to the Sr. Manager, Governance Risk and Compliance. You will collaborate with multiple teams to design an internal control environment for Sarbanes-Oxley compliance.
What Your Responsibilities Will Be

• Support the build-out of technical SOX controls, working with Security, engineering, finance and IT to document and test controls across key systems.
• Assist in technology risk assessments to identify gaps against IPO-readiness benchmarks
• Help drive IT General Controls implementation, application controls and report testing, coordinating with internal teams and external auditors.
• Work with cross-functional teams to develop process flows, SOPs, and runbooks for key controls.
• Partner with all stakeholder teams to track control ownership, remediation efforts, and evidence collection.
  

Coordinate the documentation and migration of control information into Avalaras GRC platform.

• Proactively engage on multiple simultaneous projects with internal and external stakeholders to support strategic security and compliance objectives.
• Assist with the performance of ad hoc risk and compliance assessments as needed.
  

What Youll Need To Be Successful

• Bachelors degree in Information Technology, Computer Science, or equivalent experience.
• 5+ years of experience in IT Audit, IT Security, or IT Risk Management.
• Proven experience conducting systemic risk analysis in complex technical environments, including reviewing application design and architecture.
• Familiarity with standards and frameworks such as ISO 27001, SOC 1, SOC 2, SOX, NIST, etc.
• Strong understanding of application security principles, including the ability to assess risk through code and design review processes.
• Deep knowledge of technical controls, including their design, implementation, and effectiveness.
  

Experience working with business continuity, disaster recovery, vendor risk management, data privacy, and regulatory compliance.

• Skilled in identifying business risks and evaluating trade-offs between technical and business objectives.
• Experience with risk management platforms (e.g., ServiceNow GRC) is a plus.
• Highly self-motivated, proactive, and capable of managing concurrent priorities with minimal supervision.
• Strong organizational, planning, verbal, and written communication skills.
  

  Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired

How Well Take Care Of You
Total Rewards
In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.
Health & Wellness
Benefits vary by location but generally include private medical, life, and disability insurance.
Inclusive culture and diversity
Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.
Learn more about our benefits by region here: Avalara North America
What You Need To Know About Avalara
Were Avalara. Were defining the relationship between tax and tech.
Weve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and were not slowing down until weve achieved our mission - to be part of every transaction in the world.
Were bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture weve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.
Weve been different from day one. Join us, and your career will be too.
Were An Equal Opportunity Employer
Supporting diversity and inclusion is a cornerstone of our company we dont want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.