Sr. Technology Auditor

About Gap Inc.

Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.     

This simple idea—that we all deserve to belong, and on our own terms—is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to  learn fast, create with audacity and lead boldly? Join our team.

About the Role

The Internal Audit (“IA”) Department is seeking a highly motivated IT Audit Senior to join our Internal Audit team in the retail industry. This role focuses on executing IT operational audits and supporting SOX compliance efforts, including testing IT General Controls (ITGCs) and IT Application Controls (ITACs). The ideal candidate has 3–4 years of experience and a strong understanding of IT risk and control frameworks. This role is based in the San Francisco Office.

What You'll Do

• Execute end-to-end IT audits, including planning, risk assessment, execution, and reporting, while driving alignment with cross-functional stakeholders.
• Assess the design and operating effectiveness of IT controls across applications, infrastructure, and data environments, with a focus on key risk areas.
• Identify systemic control gaps and emerging risks, and provide strategic, risk-based recommendations to strengthen the control environment.
• Partner with IT, Security, and Compliance leadership to influence control design, risk mitigation strategies, and process improvements.
• Deliver high-quality audit documentation and insights, and contribute to the evolution of audit methodologies and practices.
• Lead execution of SOX IT testing, including IT General Controls (ITGCs) and IT Application Controls (ITACs), ensuring alignment with ICFR requirements.
• Exercise judgment in evaluating control design and operating effectiveness, including assessing automated controls and system-generated reports.
• Drive SOX activities including walkthroughs, RCM development and refinement, and scoping of in-scope systems and risks.

Who You Are

• 3-4 years of experience in IT auditing, risk management, or information security.
• Experience with SOX IT controls (ITGCs & ITACs) and a solid understanding of ICFR concepts and financial reporting risks.
• understanding of IT environments, including applications, infrastructure, databases, and cloud platforms (e.g., AWS, Azure).
• Knowledge of IT risk and control frameworks (e.g., NIST, ISO 27001, COBIT) and core domains such as access management, change management, and IT operations.
• Strong communication and interpersonal skills, with the ability to partner with stakeholders and influence outcomes.
• Excellent organizational and project management skills, with the ability to manage multiple priorities and deliver high-quality work.

Nice to Have:

• Professional certifications such as CISA, CRISC, CISSP, or equivalent.
• Experience working with external auditors and supporting SOX reliance strategies (e.g., SOC reports, CUECs).
• Familiarity with audit tools, data analytics, and GRC platforms (e.g., AuditBoard, ServiceNow).
• Experience in a retail or consumer-facing environment.