Audit Lead - IT Audits

WHO WE ARE:

Zinnia is the leading technology platform for accelerating life and annuities growth. With innovative enterprise solutions and data insights, Zinnia simplifies the experience of buying, selling, and administering insurance products. All of which enables more people to protect their financial futures. Our success is driven by a commitment to three core values: be bold, team up, deliver value – and that we do. Zinnia has over $180 billion in assets under administration, serves 100+ carrier clients, 2500 distributors and partners, and over 2 million policyholders.

WHO YOU ARE:

You are a technically savvy IT auditor with deep curiosity about how modern systems work — from cloud infrastructure to code deployment pipelines. You’ve moved beyond checkbox audits and bring a risk-first mindset, able to challenge DevOps, security, and engineering teams constructively. You’re fluent in the language of IAM, encryption, vulnerability management, and CI/CD, and you use tools like SQL or Python to dive deeper into control effectiveness. You're comfortable auditing fast-moving, tech-driven environments and see your role as helping the business build secure, resilient systems.

WHAT YOU’LL DO:

You will be responsible for working with leadership to plan, execute, and deliver outcomes. 

• Audit cloud-native platforms (AWS, GCP, Azure) for risks related to IAM, network security, storage configuration, and data encryption
• Review CI/CD pipelines and DevOps practices to assess deployment and infrastructure security controls
• Evaluate vulnerability management programs, patch cycles, and monitoring processes
• Perform data-driven testing using tools such as SQL, Python, or logs to validate control operation
• Partner with engineering, security, and legal teams on cybersecurity audits, readiness assessments, and incident reviews
• Support continuous monitoring of automated controls in dynamic environments
• Contribute to the enhancement of our internal audit methodology for tech risk, including automated testing scripts
• Draft clear, technical audit findings with practical risk mitigation guidance

 WHAT YOU’LL NEED:

• Bachelor’s degree in Information Systems, Accounting, Finance, Engineering, or a related field.
• 5+ years of experience in IT audit, cyber risk, or security engineering
• Demonstrated experience with cloud platform audits (AWS, GCP, Azure), including IAM and configuration reviews
• Familiarity with CI/CD tooling (e.g., Jenkins, GitHub Actions, Terraform, Kubernetes) and the associated risks
• Hands-on experience with or exposure to vulnerability scanners, SIEM, and endpoint detection tools
• Ability to query large datasets (e.g., access logs) using SQL, Python, or scripting tools
• Knowledge of security and audit frameworks such as NIST CSF, SOC 2, ISO 27001, or MITRE ATT&CK
• Clear, technical writing and communication skills to engage with engineers and senior stakeholders
• Certifications like CISA, CISSP, CCSK, or AWS Security Specialty
• Experience working directly with security or DevOps teams
• Prior work in a SaaS or high-growth tech company
• Contribution to building or automating internal audit programs or tools

WHAT’S IN IT FOR YOU?

We’re looking for the best and brightest innovators in the industry to join our team. At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability.

#LI-UM1