The Internal Audit (“IA”) Department is seeking a highly motivated IT Audit Senior to join our Internal Audit team in the retail industry. This role focuses on executing IT operational audits and supporting SOX compliance efforts, including testing IT General Controls (ITGCs) and IT Application Controls (ITACs). The ideal candidate has 3–4 years of experience and a strong understanding of IT risk and control frameworks. This role is based in the San Francisco Office.
Execute end-to-end IT audits, including planning, risk assessment, execution, and reporting, while driving alignment with cross-functional stakeholders.
Assess the design and operating effectiveness of IT controls across applications, infrastructure, and data environments, with a focus on key risk areas.
Identify systemic control gaps and emerging risks, and provide strategic, risk-based recommendations to strengthen the control environment.
Partner with IT, Security, and Compliance leadership to influence control design, risk mitigation strategies, and process improvements.
Deliver high-quality audit documentation and insights, and contribute to the evolution of audit methodologies and practices.
Lead execution of SOX IT testing, including IT General Controls (ITGCs) and IT Application Controls (ITACs), ensuring alignment with ICFR requirements.
Exercise judgment in evaluating control design and operating effectiveness, including assessing automated controls and system-generated reports.
Drive SOX activities including walkthroughs, RCM development and refinement, and scoping of in-scope systems and risks.
3-4 years of experience in IT auditing, risk management, or information security.
Experience with SOX IT controls (ITGCs & ITACs) and a solid understanding of ICFR concepts and financial reporting risks.
understanding of IT environments, including applications, infrastructure, databases, and cloud platforms (e.g., AWS, Azure).
Knowledge of IT risk and control frameworks (e.g., NIST, ISO 27001, COBIT) and core domains such as access management, change management, and IT operations.
Strong communication and interpersonal skills, with the ability to partner with stakeholders and influence outcomes.
Excellent organizational and project management skills, with the ability to manage multiple priorities and deliver high-quality work.
Nice to Have:
Professional certifications such as CISA, CRISC, CISSP, or equivalent.
Experience working with external auditors and supporting SOX reliance strategies (e.g., SOC reports, CUECs).
Familiarity with audit tools, data analytics, and GRC platforms (e.g., AuditBoard, ServiceNow).
Experience in a retail or consumer-facing environment.
Gap Inc., a house of iconic brands, is the largest specialty apparel company in America. Its Old Navy, Gap, Banana Republic, and Athleta brands offer clothing, accessories, and lifestyle products for men, women and children. Since 1969, Gap Inc. has created products and experiences that shape culture, while doing right by employees, communities and the planet. Gap Inc. products are available worldwide through company-operated stores, franchise stores, and e-commerce sites. Fiscal year 2023 net sales were $14.9 billion. For more information, please visit www.gapinc.com.
