Senior Information Technology Auditor

AppFolio is more than a company. We’re a community of dreamers, big thinkers, problem solvers, active listeners, and multipliers. At every opportunity, we set the pace while delivering innovation built to carry real estate into the future — one in which every experience feels effortless, yet meaningful, and every customer is empowered to take on any opportunity. We show up as one team, connected by our values to be a force for good. Together, we have the power to create extraordinary outcomes for our customers, our communities, and ourselves.

About the Role

We’re looking for a Senior Technology Auditor to be a hands-on leader behind AppFolio’s technology assurance program. In this role, you’ll deliver the annual IT audit plan end-to-end, strengthen the IT General Controls that anchor our SOX and operational resilience programs, and help shape how AppFolio governs its rapidly expanding use of AI — internally, in product, and across the software development lifecycle. You’ll work shoulder-to-shoulder with Engineering, Security, IT, Finance, and Data Governance leaders on a cloud-native (AWS/GCP) tech stack that powers payments, property management, and AI-assisted experiences for thousands of customers. If you’re energized by audits that actually move the needle — and by being one of the first auditors at a public SaaS company to operationalize AI governance — this is the seat. Your Impact

• Annual IT Audit Plan Delivery: Own the execution of audits across the annual IT audit plan — scoping, risk assessment, fieldwork, reporting, and remediation follow-up — producing high-quality workpapers and findings that drive measurable risk reduction.
• IT General Controls (ITGCs): Evaluate and continuously rationalize ITGCs across our cloud platforms (AWS/GCP), CI/CD pipelines, and enterprise systems (NetSuite ERP, Coupa, etc.) to support ongoing SOX compliance and operational resilience.
• Internal AI Governance: Play a leading role in how AppFolio governs the internal use of generative and agentic AI — assessing policy design, model and tool usage, data privacy, vendor risk, and AI-supported development workflows against frameworks like the NIST AI RMF.
• Engineering & Cloud Assurance: Assess the effectiveness of automated security checks embedded in our CI/CD pipelines and cloud configurations so we maintain “Elite” deployment performance without compromising security or compliance.
• Strategic Risk Assessment: Contribute to the enterprise technology risk assessment by identifying emerging threats across cloud-native infrastructure, payments systems, and agentic AI platforms — and translating them into a forward-looking audit plan.
• Data Governance & Privacy Assurance: Partner with Data Governance teams to audit data discovery scans, classification efforts, and the protection of sensitive information across structured and unstructured data sources.
• Trusted Partnering: Work directly with the CIO organization, CISO, Engineering leadership, and Finance to deliver practical, data-driven recommendations that improve our security posture, operational efficiency, and audit-readiness.

Qualifications

• Experience: 4 to 7 years of progressive experience in IT audit, technology risk management, or cybersecurity, with a clear track record of delivering audits end-to-end.
• Public Accounting Rigor: Previous experience in a Big 4 or large national accounting firm, with a focus on IT audit or advisory services, is a plus.
• Environment: Direct experience auditing or managing risk in a high-growth SaaS, FinTech, or technology-driven environment.
• Technical Knowledge: Familiarity with cloud infrastructure security (AWS/GCP), containerization (Kubernetes), generative and agentic AI, and modern software development lifecycles (SDLC).
• AI Governance: Exposure to emerging AI governance frameworks (e.g., NIST AI RMF) or experience auditing internal AI / LLM usage is a strong plus.
• Technical Control Advisory: Demonstrated ability to translate technical control objectives into action-oriented plans that bridge the gap between current and desired state.
• Financial Systems: Experience with cloud-based ERP systems (NetSuite preferred) and automated segregation of duties (SoD) monitoring tools.
• Education: Bachelor’s degree in Management Information Systems, Computer Science, Accounting, or a related field.

Must Haves

• Certification: CISA (Certified Information Systems Auditor), CISSP, CIA, or AWS Certified Security Specialty.
• Professional Presence: Excellent communication and presentation skills, with the ability to translate complex technical risks into a business context for senior leadership.
• Objective Reasoning: A proven ability to critically assess the reliability of information and maintain an inquisitive attitude toward automated control environments.
• Analytical Mindset: Demonstrated success in leading complex technical audits across multiple stakeholders and high-volume data environments.
• Bias for Impact: You see audit as an exercise to enhance the company’s ability to manage risk— not a checklist — and bring curiosity, ownership, and a high standard of craft to every engagement.

Location Find out more about our locations by visiting our site. Compensation & Benefits The compensation that we reasonably expect to pay for this role is: $94,400 - $118,000 [base pay]. The actual compensation for this role will be determined by a variety of factors, including but not limited to the candidate’s skills, education, experience, and internal equity. Please note that compensation is just one aspect of a comprehensive Total Rewards package. The compensation range listed here does not include additional benefits or any discretionary bonuses you may be eligible for based on your role and/or employment type. Regular full-time employees are eligible for benefits - see here.