About the role 

Roku is seeking a Technology Audit Manager to join its Finance & IT Compliance team. This role will lead and evolve Roku’s technology SOX compliance program, partnering closely with Engineering, Security, Product, and Finance teams to ensure scalable, high-quality controls across a rapidly growing and complex engineering environment. 

You will operate at the intersection of audit, technology, and automation, overseeing internal controls across enterprise systems, cloud infrastructure, data platforms, and cybersecurity. You will also drive controls-by-design for system implementations and business process transformations A key priority for this role is modernizing the IT SOX program through AI-powered automation and continuous auditing to improve precision, coverage, and efficiency. 

This is a high-impact, hands-on role for a proactive and driven professional who excels in fast-paced environments, collaborates effectively across teams, and brings the vision and execution focus to scale and modernize the compliance function alongside company growth. The ideal candidate brings strong experience in IT SOX and technology audits, along with a builder mindset, the ability to navigate ambiguity, and a track record of influencing cross-functional stakeholders. You should be equally comfortable diving into control details, partnering with engineering teams on system design, and driving strategic initiatives that enhance the overall control environment. 

For California Only - The estimated annual salary for this position is between $170,000 and 187,000 annually. Compensation packages are based on factors unique to each candidate, including but not limited to skill set, certifications, and specific geographical location. This role is eligible for health insurance, equity awards, life insurance, disability benefits, parental leave, wellness benefits, and paid time off. 

What you’ll be doing 

• Lead and oversee the company’s technology SOX compliance program, evaluating the design and operating effectiveness of IT general controls, automated controls, and key reports supporting financial reporting 
• Maintain a deep understanding of the organization’s end-to-end technology ecosystem and its impact on financial reporting, staying current on system changes, policies, regulatory guidance, and industry best practices 
• Own audit oversight for system implementations, technology transformations, and process automation initiatives, partnering cross-functionally to ensure controls-by-design, strong SDLC governance, and scalable SOX-readiness from pre-go-live through post-implementation 
• Lead cloud infrastructure audits across AWS and GCP environments, assessing controls over access management, network security, encryption, logging and monitoring, configuration management, and data residency; evaluate cloud-native security tools and drive control maturity 
• Drive AI-powered automation of internal controls testing by integrating with IAM platforms (e.g., Okta, AWS IAM) and GitLab to continuously monitor access risks, code changes, and CI/CD controls; leverage AI/ML and automation to detect anomalies and generate audit-ready evidence that enables continuous auditing and improves precision, coverage, and efficiency 
• Establish and maintain an AI controls automation governance framework, including model validation standards, quality thresholds, and human-in-the-loop checkpoints to ensure accuracy, auditability, and regulatory defensibility 
• Assess control deficiencies, perform root cause analysis, and drive remediation efforts to closure, including validation and re-testing of corrective actions 
• Coordinate with co-sourcing partners, external auditors, and control owners to ensure cohesive execution; act as a trusted advisor by anticipating stakeholder needs and delivering actionable insights 
• Prepare and review audit workpapers, reports, ensuring compliance with professional standards and delivering clear, data-driven insights 

We’re excited if you have 

• 6–8+ years of relevant technology audit and IT SOX compliance experience, ideally combining Big 4 public accounting and in-house internal audit/SOX roles at a fast-paced public technology company 
• Bachelor’s degree in computer science, Information Systems, Finance, Accounting, or related field 
• Professional certifications such as CISA, CISSP, or CISM preferred; additional certifications (CPA, CIA, CFE) are a plus 
• Strong experience across technology audit domains, including IT general controls (ITGCs), automated controls (ITACs), cloud infrastructure, data engineering, DevOps processes, cybersecurity, system implementations, and business process automation 
• Hands-on experience designing and evaluating IT general and security controls in cloud environments (AWS, GCP); cloud certifications are highly desirable  
• Experience auditing or supporting enterprise platforms (e.g., NetSuite, Salesforce, Workday) and modern engineering environments (e.g., GitHub, CI/CD pipelines) 
• Solid understanding of SOX and broader compliance frameworks (SOC 1/2, GDPR, PCI-DSS) and security/governance standards (ISO 27001, COBIT, NIST) 
• Experience operating in high-growth, fast-paced environments, with the ability to scale processes and controls alongside business expansion 
• Strong leadership, communication, and project management skills, with the ability to collaborate effectively across technical and business teams 
• Self-driven and proactive, with the ability to manage multiple priorities and deliver high-quality results with minimal supervision 

Extra Credit 

• Master's degree in finance, accounting, computer science, IT, or related field  
• Strong understanding of finance and business processes, including quote-to-cash, revenue recognition, procure-to-pay, HR operations, and payroll 
• Hands-on experience with automation, AI, and analytics tools to drive audit efficiency and insights. Familiarity with GRC tools like Auditboard is a plus 
• Experience with identity and access management (IAM) and governance tools (e.g., Okta, SailPoint, CyberArk), including user access reviews (UAR), role design, and segregation of duties (SoD) analysis 
• Proven ability to quickly learn and adapt to evolving emerging technologies, including AI, cloud, payments, data platforms, and modern engineering environments, within the media & entertainment industry 

#LI-RR1 

We are seeking a SAP Security & Platform Systems Engineer. This specialized role is responsible for the secure architecture and technical integration of our SAP S/4HANA RISE environment. The ideal candidate will bridge the gap between traditional SAP Security and modern Cloud Platform administration, ensuring robust, compliant, and well-connected SAP systems.

What You'll Do:

• SAP Security & Access Governance
  • Access Model Ownership: Design, build, and maintain S/4HANA business roles, Fiori catalogs, and authorization groups.
  • Identity Management: Perform configuration and troubleshooting of user provisioning and authentication workflows.
  • Compliance & Audit: Participate in technical efforts for SOX and ITGC audits, managing GRC/IAG (including SoD rulesets and Emergency Access/Firefighter) and providing technical evidence.
  • System and Data-Level Security: Perform vulnerability Assessment, secure Fiori apps/Web services and govern security measures at the CDS-view and OData service layer
• Platform Connectivity & System Administration
  • Cloud Ecosystem Integration: Design and manage technical trust configurations (SAML 2.0, OAuth 2.0, Principal Propagation) across S/4HANA, BTP, and SAP Analytics Cloud (SAC) etc.
  • BTP Management: Administer BTP subaccounts, service entitlements, and technical destinations.
  • Secure Connectivity: Install, configure, and monitor SAP Cloud Connectors to maintain secure data transfer between the RISE private cloud and BTP/external services.
  • Certificate Authority: Manage the full lifecycle of X.509 certificates and SSL handshakes within the entire SAP landscape.
  • RISE Coordination: Serve as the technical liaison with SAP RISE operations for system-level changes (e.g., refreshes, kernel parameters, OS configurations).

What You'll Need: 

• 10+ years in SAP technical roles, with a minimum of 3 years focused on S/4HANA and the Business Technology Platform (BTP).
• Expert proficiency in PFCG, SU24 optimization, and Fiori security architecture.
• Direct, practical experience with the SAP BTP Cockpit and SAP Cloud Connector.
• Proven ability to troubleshoot and manage Identity Protocols: SAML, OAuth2, and OpenID Connect (OIDC).
• Direct experience managing SOX/ITGC compliance requirements in a regulated or publicly traded company, reduce SOD violations
• Skilled in performing comprehensive end-to-end traces (e.g., ST01, browser traces, Cloud Connector logs) to diagnose connectivity and authorization issues. 
• Investigate and resolve Authorization-related issues, performing root cause analysis to prevent future breaches.
• Clear understanding of the SAP RISE shared responsibility model.

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications.

At Archer we aim to attract, retain, and motivate talent that possess the skills and leadership necessary to grow our business. We drive a pay-for-performance culture and reward performance that supports the Company’s business strategy. For this position we are targeting a base pay between $152,100 - $190,100. Actual compensation offered will be determined by factors such as job-related knowledge, skills, and experience.

We are an equal-opportunity employer committed to creating a diverse and inclusive workplace. All qualified applicants will receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws. 

By applying, you agree to be bound by our candidate privacy policy.

Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities, and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archer’s People Team at people@archer.com. Reasonable accommodations will be determined on a case-by-case basis.

Role

We are looking for a Cybersecurity Risk Management Principal to join our team. This is a hybrid role, going in to the San Jose, CA office 3 days a week.  You'll be reporting to the Sr. Director, Enterprise Risk Management within the Security GRC department. You will serve as a technical leader and subject matter expert, conducting sophisticated risk assessments and maintaining the strategic risk register to protect our global infrastructure. You'll bridge the gap between deep technical adversary tactics and high-level business impact to drive remediation across the enterprise.

What you’ll do (Role Expectations)

• Lead comprehensive cyber risk assessments using qualitative and quantitative methods, such as FAIR, to identify and articulate threats to business stakeholders

• Build and maintain a dynamic cyber risk register, ensuring prioritized risks and mitigation strategies are tracked and socialized with executive leadership

• Run the day-to-day operations for Security Policy Exceptions and Risk Acceptance processes to ensure compliance and balanced risk-taking

• Partner with Internal Audit, Compliance, and Security teams to embed risk management frameworks deeply into the enterprise risk lifecycle

• Apply the MITRE ATT&CK framework to analyze adversary techniques and translate that intelligence into actionable enhancements for the organization’s security posture

Who You Are (Success Profile)

• You thrive in ambiguity. You're comfortable building the path as you walk it. You thrive in a dynamic environment, seeing ambiguity not as a hindrance, but as the raw material to build something meaningful.

• You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. True ownership involves leveraging dynamic range: the ability to navigate seamlessly between high-level strategy and hands-on execution.

• You are a problem-solver. You love running towards the challenges because you are laser-focused on finding the solution, knowing that solving the hard problems delivers the biggest impact.

• You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust.

• You are a learner. You have a true growth mindset and are obsessed with your own development, actively seeking feedback to become a better partner and a stronger teammate. You love what you do and you do it with purpose.

What We’re Looking for (Minimum Qualifications)

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or a related field

• 10+ years of experience in cybersecurity risk management with a focus on risk assessments and threat modeling

• Proficiency in the FAIR framework for risk quantification and the MITRE ATT&CK framework

• Expert-level communication skills with the ability to translate complex technical risks into clear, actionable insights for business audiences

• A results-driven approach to security risk management with a proven track record of solving complex security challenges

What Will Make You Stand Out (Preferred Qualifications)

• Advanced certifications such as CISA, CISSP, CISM, CRISC, or FAIR

• A Master’s degree in a technical or business-aligned field

• Prior experience leading a Compliance or Cyber Risk management function within the technology industry

#LI-BH1 #LI-Hybrid

Role 

We are looking for a Staff Information Systems Engineer based in San Jose (Hybrid, 3 days in office), reporting to the Manager, End User Engineering in the IT Digital Employee Experience department.

The Staff Information Systems Engineer (End-User Computing) defines and drives the strategy and architecture for Zscaler’s secure, cloud-first employee workspace across Windows, macOS, BYOD, and mobile (iOS & Android), ensuring devices are compliant, resilient, and scalable. The role connects End User Engineering(Digital Employee Experience) objectives to day-to-day execution by leading automation, self-service, and zero-touch deployment initiatives, integrating core platforms, and mentoring engineers to improve productivity, reduce risk, and modernize the end-user experience.

What you’ll do (Role Expectations)

• Define EUC strategy and future-state architecture across Windows, macOS, BYOD, and mobile (iOS/Android)
• Lead automation, self-service, and zero-touch provisioning initiatives
• Integrate and optimize core platforms (e.g., Workspace ONE/Intune/Jamf, Automox, Okta, Azure AD)
• Drive security, patching, and vulnerability remediation in partnership with Security
• Provide technical leadership (L4 escalation) and mentor engineers

Who You Are (Success Profile)

• You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. You adapt to what’s needed, navigating seamlessly between high-level strategy and hands-on execution.
• You are a positive force. You approach hard problems with constructive energy and a 'can-do' spirit that is contagious, inspiring your team to stay focused on the solution.
• You are data-driven. You use data and analytics to find the truth, measure what matters, and guide informed decisions. You value evidence over assumptions, replacing "I think" with "I know" to drive better outcomes.
• You operate with urgency. You understand that in a high-growth environment, speed and quality are not mutually exclusive. You have a relentless focus on execution and a bias for action, delivering high-impact results quickly to win for the customer and the team.
• You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust.

What We’re Looking for (Minimum Qualifications)

• 8+ years in endpoint engineering/systems architecture, including prior lead ownership of enterprise-scale initiatives in a global environment
• Expert-level administration of at least one endpoint management stack (Workspace ONE / Intune (MEM) / Jamf) plus strong experience with patching at scale (e.g., Automox)
• Advanced automation skills (PowerShell, Python, and/or shell) with proven delivery of API-driven integrations/workflows across IT/Security/HR systems
• Demonstrated capability to drive zero touch provisioning, endpoint security, vulnerability remediation, and audit readiness in partnership with Security (Zero Trust mindset)
• U.S. citizenship due to the nature of the customers assigned to this role

What Will Make You Stand Out (Preferred Qualifications)

• Hands-on experience with Workspace ONE and Automox for end-to-end endpoint lifecycle management and patch/vulnerability management at scale
• Exposure to AIOps, VDI(Desktop as Service), and advanced self-service/self-healing programs, with measurable outcomes (e.g., reduced ticket volume, faster MTTR, improved device compliance)
• Proven success in FedRAMP/regulated environments, including building repeatable audit evidence, control workflows, and strong partnerships with Security/GRC

#LI-YC2 #LI-Hybrid

Smartsheet is seeking a dedicated, experienced Third Party Risk Management (TPRM) Senior Analyst to join our Risk team. This is a high-visibility, cross-functional role that requires sustained focus and ownership; you will be a primary point of contact for vendor risk across the organization, interfacing regularly with cross-functional teams (Legal, Procurement, Privacy, and Information Security) as well as system owners.

This role is a meaningful commitment. You will own a portfolio of vendor assessments and help drive program maturity. We are looking for someone who brings deep focus and genuine investment to this work, the kind of professional who sees TPRM not as a checkbox function but as a critical enabler of trust for a global SaaS platform.

You will report to the Third Party Risk Integration Manager located in the US. This role is eligible for remote work within Costa Rica. You  must reside in Costa Rica.

^{You Will}

• Lead end-to-end Third Party Risk Assessments for new and existing vendors, including vendor tiering, scoping, questionnaire management, and findings documentation.
• Own the ongoing monitoring and tracking of vendor risk across Smartsheet's third-party portfolio, ensuring timely follow-up on remediation activities and risk acceptance decisions.
• Evaluate vendor security documentation including SOC 2 reports, penetration testing results, ISO certifications, and other control attestations — and translate findings into clear, actionable risk summaries for stakeholders.
• Drive process improvement initiatives within the TPRM program, identifying opportunities to scale and mature the program through better tooling, automation, and workflow design.
• Collaborate cross-functionally with Legal, Procurement, Information Security, Privacy, and business stakeholders to ensure vendor risk considerations are embedded in sourcing and renewal decisions.
• Leverage AI tools (including Claude and Microsoft Copilot) to increase efficiency in vendor reviews and documentation — while applying sound judgment to review, validate, and take accountability for AI-generated outputs.
• Contribute to broader risk program activities including risk reporting, policy review, and program documentation as part of a lean, high-performing Risk team.
• Support the development of TPRM metrics and reporting to provide leadership with meaningful visibility into the organization's third-party risk exposure.
• Other job duties as assigned

You have

• 5+ years of experience in third party risk management, vendor risk, GRC, information security, audit, or compliance — with direct experience conducting vendor or third-party risk assessments.
• Practical knowledge of one or more risk or regulatory frameworks such as NIST, ISO 27001, COSO, COBIT, AICPA SOC/TSP, PCI DSS, or similar.
• Familiarity with vendor security questionnaire frameworks, including SIG (Shared Assessments) and/or CSA CAIQ.
• Demonstrated ability to review and interpret SOC 2 reports, penetration testing summaries, and other vendor security attestations.
• Experience working in cross-functional environments involving Legal, Procurement, and/or Engineering stakeholders.
• Strong written and verbal communication skills in English, with the ability to translate technical risk findings into clear business language.
• Effective critical thinking and judgment — able to assess risk materiality, prioritize competing demands, and escalate appropriately.
• Comfort working with and evaluating AI-generated content, with a clear understanding of the need to verify outputs before relying on them in risk decisions.
• Adaptability to evolving regulatory requirements and a genuine interest in staying current on the third-party risk landscape.

Nice to have

• Experience with vendor risk management platforms such as AuditBoard, Archer, OneTrust, ServiceNow GRC, Vanta, or Coupa.
• Background in SaaS, cloud, or technology company environments.
• Familiarity with AI-assisted workflows in a GRC or compliance context.
• Experience supporting or contributing to audit processes (e.g., SOC 2, ISO 27001, BARR).
• Relevant certifications such as CISA, CRISC, CTPRP, or equivalent.
• Experience with operational risk across multiple business units, legal entities, or jurisdictions.

Teleworking options from any registered location in Costa Rica (role specific)

About SecurityScorecard:

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint. 

Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace,” by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.”  SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

About the Role

SecurityScorecard's Solutions Architects team are trusted security advisors and business partners both internally and to prospective clients, offering deep knowledge about the market and our solution. We are intellectually curious, find great reward in delivering valuable solutions to customers, and are passionate about cybersecurity.

We are looking for an experienced and dynamic Solutions Architecture to work with our Sales teams across the US. The candidate will own the pre-sales technical engagement with our customers. The ideal candidate will have a strong technical background, exceptional verbal skills and be a strong cross functional collaborator.

Success in this role requires security and technical acumen to develop a deep understanding of SecurityScorecard's architecture and services and a consultative approach to understanding customer business needs. You'll leverage your strategic communication skills to engage in technical and business discussions with engineers and senior decision makers alike, translating customer needs into technical requirements and conveying the merit of SecurityScorecard's solutions throughout.  

NOTE:  It is a requirement that this role is in the Pacific or Mountain time zones.

Key Responsibilities

• Collaborate with the Sales team to identify technical requirements and develop customized solutions that address complex client needs, while driving revenue growth and customer satisfaction
• Delivery of compelling technical presentations, product demonstrations and Proof of Value projects for prospective clients
• Support SecurityScorecard at Industry events and C level round table events
• Work closely with Product Management and Engineering to provide market feedback and influence product roadmap based on customer needs and competitive landscape
• Proven track record of gathering detailed success metrics for customer PoV’s, including tracking and reporting
• Awareness and enforcement of MEDDPICC best practices in sales cycles
• Become a subject matter expert on cyber first Supply Chain services.
• Ability to engage with all different types of personalities and working styles across the team
• Build and foster strong relationships with other business teams, such as Marketing, Support and Customer Success
• Not afraid to be a champion for your prospects, advocating for their needs.

Skills and Experience

• 5+ years of relevant work experience (cybersecurity, TPRM, GRC, and/or similar)
• Demonstrated presentation and interpersonal skills; communicate in front of large groups with a mixed audience of technical and non-technical 
• Experience working with enterprise level clients and managing complex sales cycles
• Demonstrated ability to manage complex technical projects, demonstrate clear business value and lead technical strategy in sales engagements
• Bachelor Degree in Computer Science or equivalent work experience
• Sales experience NOT REQUIRED, but experience of selling technical SaaS and/or managed service solutions a plus
• Industry Certifications such as CEH, CISSP, CompTIA Security+ CISA  GCIH etc a plus

Traits

• Highly motivated self starter who works well cross functionally
• Intellectually curious; seeks to continually self-educate and evolve domain specific knowledge 
• Willing to travel on day and overnight trips throughout the US

Benefits:

Specific to each country, we offer a competitive salary, stock options, Health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more!

The estimated total compensation range for this position is $100,000 - $195,000 (base plus bonus). Actual compensation for the position is based on a variety of factors, including, but not limited to affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance-based incentive compensation awards and equity, among other company benefits. 

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law. 

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law. 

SecurityScorecard does not accept unsolicited resumes from employment agencies.  Please note that we do not provide immigration sponsorship for this position.   #LI-DNI