Internal Audit Lead - IT Controls and Data Assurance

Lambda, The Superintelligence Cloud, builds Gigawatt-scale AI Factories for Training and Inference. Lambda’s mission is to make compute as ubiquitous as electricity and give every person access to artificial intelligence. One person, one GPU.

If you'd like to build the world's best deep learning cloud, join us. 

*Note: This position requires presence in our San Jose office location 4 days per week; Lambda’s designated work from home day is currently Tuesday.

What You’ll Do

We are seeking a highly skilled Internal Audit Lead – IT & Data Assurance to join our Internal Audit team, reporting directly to the Head of Internal Audit. This role will be primarily responsible for SOX compliance, IT controls, and data assurance activities for SaaS and third-party hosted business systems, with additional oversight of homegrown applications and systems as needed. The individual will lead testing and assurance projects related to IT General Controls (ITGCs), IT Automated Controls, and Key Report testing, while also driving advisory initiatives to strengthen IT governance, risk management, and data integrity across the enterprise. This is a Senior level role that combines hands-on testing and evaluation with leadership, oversight, and stakeholder engagement.

• SaaS / Business Systems IT Controls

  • Lead SOX IT testing and assurance activities for SaaS and third-party hosted business applications, including ERP, CRM, HR, procurement, and financial reporting systems.

  • Evaluate and test IT General Controls, automated business process controls, and key report logic across cloud-hosted platforms.

  • Collaborate with system administrators, business owners and SaaS vendors as needed to validate control design across all applicable IT control domains.

  • Assess vendor SOC reports to ensure adequate assurance over outsourced IT environments.

  • Assist in the annual IT SOX scoping and risk assessment process in alignment with the overall ICFR and SOX program.

  • Conduct and lead walkthroughs and design/effectiveness testing of IT controls across homegrown and third-party systems

  • Coordinate evidence collection, manage remediation efforts, and ensure timely closure of audit gaps.

  • Oversee the work of co-sourced as well as internal team members and review their work to ensure high-quality, consistent results.

  • Identify control deficiencies and work with management to design effective remediation approaches and measures.

  • Monitor changes to business processes and apply independent judgement to evaluate the potential impact to the control environment and recommend necessary improvements. Present the impact of the changes to the Head of Internal audit and other stakeholders prior to implementation.

  • Manage and update all ICFR / SOX 404 documentation as required including COSO framework mapping, process and control narratives/flowcharts, risk and controls matrix, and testing approach.

  • Apply professional skepticism and subject matter expertise to independently evaluate and conclude on control deficiencies and develop the necessary remediation actions and monitor their implementation in due time.

• Stakeholder Engagement

  • Act as the primary liaison with IT, Security, and Finance leadership for SaaS and IT SOX assurance.

  • Collaborate with external auditors to coordinate SaaS control testing approaches and reliance strategies.

  • Train business and IT process owners on SaaS control requirements, third-party assurance, and best practices.

• Reporting & Communication

  • Prepare high-quality reports and presentations on SaaS IT control results, data assurance findings, and remediation progress for executive leadership and the Audit Committee.

  • Communicate complex IT and SaaS control issues in business-friendly terms to non-technical stakeholders.

  • Stay current on emerging risks, regulations, and trends related to SaaS governance, IT risk, and data assurance.

You

• Education & Certification

  • Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field.

  • CISA required; CISSP, CISM, or CPA/CIA preferred.

• Experience

  • 8+ years of experience in IT audit, IT SOX compliance, or IT risk management, with strong focus on SaaS and third-party hosted systems.

  • Big Four accounting firm or equivalent experience in Internal or External Audit or IT consulting practice.

  • Deep expertise in ITGCs, IT Automated Controls, key report testing, and their relevance to ICFR, Internal audit methodology and IIA standards.

  • Experience assessing SOC 1 / SOC 2 reports and integrating vendor assurance into SOX programs.

  • Background in both SaaS environments and homegrown applications preferred.

  • Experience of working with audit management tools (e.g., AuditBoard, Archer, Workiva) to manage SOX and IT compliance programs..

• Skills & Competencies

  • Strong technical understanding of SaaS environments, including access management, change management, integrations, and configuration controls.

  • Strong analytical and technical skills with the ability to evaluate IT and data risks across complex environments.

  • Familiarity with data governance, reporting assurance, and cloud compliance requirements.

  • Excellent project management and stakeholder engagement skills.

  • Proven ability to lead and review the work of internal teams and co-sourced resources.

  • Organized, detail-oriented, and able to manage multiple priorities in a dynamic environment.

Nice to Have

• Experience with data analytics and automated testing tools to enhance SOX testing efficiency and insights.

• Exposure to emerging technologies such as cloud computing, cybersecurity, and RPA, and their control implications.

• Prior experience working in a fast-growth or global organization, adapting SOX programs to evolving structures and complexity.

• Familiarity with cybersecurity frameworks (e.g., NIST, ISO 27001, COBIT) and their application to IT risk management.

• Experience with data governance and data integrity reviews, including testing controls over data migration, transformation, and reporting.

• Prior involvement in system implementation or upgrade reviews for ERP, financial systems, or homegrown applications.

• Exposure to DevOps, agile development, or CI/CD environments, including related ITGC and change management considerations.

• Working knowledge of data analytics and automation tools (e.g., SQL, Python, ACL, Power BI) to enhance testing efficiency and assurance insights.

Salary Range Information

The annual salary range for this position has been set based on market data and other factors. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description.

About Lambda

• Founded in 2012, ~400 employees (2025) and growing fast

• We offer generous cash & equity compensation

• Our investors include Andra Capital, SGW, Andrej Karpathy, ARK Invest, Fincadia Advisors, G Squared, In-Q-Tel (IQT), KHK & Partners, NVIDIA, Pegatron, Supermicro, Wistron, Wiwynn, US Innovative Technology, Gradient Ventures, Mercato Partners, SVB, 1517, Crescent Cove.

• We are experiencing extremely high demand for our systems, with quarter over quarter, year over year profitability

• Our research papers have been accepted into top machine learning and graphics conferences, including NeurIPS, ICCV, SIGGRAPH, and TOG

• Health, dental, and vision coverage for you and your dependents

• Wellness and Commuter stipends for select roles

• 401k Plan with 2% company match (USA employees)

• Flexible Paid Time Off Plan that we all actually use

A Final Note:

You do not need to match all of the listed expectations to apply for this position. We are committed to building a team with a variety of backgrounds, experiences, and skills.

Equal Opportunity Employer

Lambda is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law.