Automation & Tooling
- Build and maintain automation for continuous control monitoring, evidence collection, and audit readiness through scripts, APIs, and GRC platform integrations
- Integrate compliance workflows with cloud providers, identity systems, ticketing platforms, and CI/CD pipelines to automatically collect control data and evidence
- Reduce manual compliance work by codifying control checks and pulling evidence directly from source systems
- Develop dashboards and reporting that provide stakeholders with real-time visibility into control health and audit readiness
Audits & Frameworks
- Run and coordinate audits for SOC 2 (Type I and Type II), ISO 27001, and SOX, including scoping, evidence collection, control walkthroughs, and auditor coordination
- Map controls across multiple compliance frameworks to reduce duplication and maintain a unified control library
- Track audit findings and control gaps through remediation and closure with business and technical stakeholders
- Maintain audit-ready documentation including policies, procedures, control narratives, and evidence repositories
Risk Management
- Identify, assess, and document organizational risks while maintaining the enterprise risk register
- Support risk assessments, including likelihood and impact scoring, treatment planning, and remediation tracking
- Partner with Engineering and IT to evaluate the control impact of new systems, vendors, and architectural changes
- Contribute to the third-party risk management program
Cross-Functional Partnership
- Partner with control owners to ensure controls are operating effectively and generating appropriate evidence
- Translate compliance requirements into practical, engineering-focused guidance
- Support customer security questionnaires, trust requests, and due diligence activities
Requirements
- 3–5 years of experience in GRC, IT audit, security compliance, or a related field
- Hands-on experience supporting or leading audits for SOC 2, ISO 27001, SOX, or a comparable framework
- Working knowledge of SOC 2 Trust Services Criteria, ISO 27001 Annex A, COSO/SOX ITGCs, NIST, or similar control frameworks
- Experience with scripting and automation using Python or a similar language, including working with REST APIs to automate evidence collection
- Familiarity with at least one major cloud platform (AWS, GCP, or Azure) and its security and logging services
- Strong understanding of access management, change management, logging and monitoring, vulnerability management, and SDLC controls
- Excellent written communication skills with the ability to create clear control documentation, risk assessments, and stakeholder reporting
- Ability to manage multiple priorities while driving audit findings and remediation efforts to completion
Nice-to-Haves
- Experience with Infrastructure as Code (Terraform) and CI/CD pipeline security
- Exposure to SOX ITGC testing within a public company or pre-IPO environment
- Experience using SQL or data analysis for evidence collection and control sampling
- Certifications such as CISA, CISSP, CCSK, ISO 27001 Lead Implementer or Lead Auditor, or cloud security certifications
- Experience working directly with external auditors and managing audit timelines
Compensation
The salary range for this role will be $130,000.00 - $145,000.00 USD. In addition, this position will also receive an annual target bonus of 10%. Bonus pay at NinjaTrader is based on individual performance (50%) as well as company/team performance (50%).
Salary and bonus earnings are only two components of the total compensation package offered by NinjaTrader. NinjaTrader offers a 401K plan through ADP under which the company will match up to 3.5% of employee contributions. Annual paid time off allowance accrues at a rate of 18 days per year (some positions may qualify for more) plus seven paid holidays.