IT Internal Audit Lead

This a Full Remote job, the offer is available from: United States Job Type Full-time Description ABOUT US Coastal is at the forefront of modern banking, combining strong financial infrastructure with cutting-edge Banking-as-a-Service (BaaS) and fintech enablement strategies. We support not only individuals with their personal banking needs; we also empower businesses by integrating modern banking technology that drives growth, flexibility, and innovation. At Coastal, we think and move like entrepreneurs; focused on impact, speed, and continuous improvement. We believe in working smart, collaborating deeply, and building solutions that unlock real potential. If you're someone who thrives in a fast-moving environment, loves solving complex problems, and wants to help shape the future of banking, we’d love to meet you. OVERVIEW The Internal Auditor Lead – Information Technology serves as a senior, hands-on audit executor responsible for assessing the design and operating effectiveness of Coastal’s technology, cybersecurity, and IT risk management practices. This role performs complex technology and cyber audits across infrastructure, cloud, identity, applications, data, and third-party environments, with primary alignment to the FFIEC IT Examination Handbooks, CRI Profile, and applicable regulatory requirements. You will independently evaluate governance, risk management, and control execution; perform risk-based audit planning; execute end-to-end audits; and deliver clear, defensible audit opinions and issues. The role blends deep technical understanding with strong audit judgment, professional skepticism, and regulatory fluency. You will partner closely with Information Technology, Information Security, Risk Management, Compliance, Engineering, and business stakeholders. This position also acts as a subject matter expert and mentor within Internal Audit, helping evolve audit methodologies, testing approaches, and the use of automation and data analytics to enhance audit quality and efficiency. RESPONSIBILITIES TO INCLUDE

• Audit Planning & Risk Assessment
• Perform planning and scoping for technology and cybersecurity audits, leveraging enterprise risk assessments, regulatory priorities, emerging threats, and business changes.
• Perform and document technology and cyber risk assessments to identify key inherent risks, control dependencies, and areas of heightened regulatory and operational exposure.
• Maintain alignment of audit coverage with the FFIEC IT Examination Handbooks, CRI Profile, and Internal Audit standards.
• Audit Execution & Control Evaluation
• Lead and execute end-to-end technology and cybersecurity audits, including: IT governance and risk management, Identity and access management, Cloud and infrastructure security, Network and endpoint security, Secure configuration and vulnerability management, SDLC, change management, and DevOps controls, and Data protection and resilience (BCP/DR)
• Perform Test of Design (“TOD”) and Test of Operating Effectiveness (“TOE”) using walkthroughs, sampling, inspection, inquiry, and re-performance.
• Develop clear, high-quality audit workpapers that support conclusions and comply with Internal Audit methodology and IIA standards.
• Assess control maturity, sustainability, and consistency.
• Issues Management & Validation
• Identify, evaluate, and clearly articulate control deficiencies, root causes, and risk impacts.
• Draft concise, risk-based audit issues with well-supported severity ratings and actionable recommendations.
• Validate remediation plans for adequacy and sustainability; perform issue validation testing to confirm effective closure.
• Identify thematic issues and emerging risks to inform management and future audit planning.
• Regulatory Exams & Audit Coordination
• Support and coordinate with regulatory examiners, external auditors, and independent assessors for technology and cybersecurity-related reviews.
• Provide credible challenge to management responses and ensure Internal Audit positions are consistent, defensible, and regulator-ready.
• Assist in aligning Internal Audit perspectives with evolving regulatory guidance and supervisory expectations.
• Audit Methodology, Automation & Quality
• Contribute to the continuous improvement of Internal Audit’s technology audit methodology, testing standards, and documentation practices.
• Leverage data analytics, automation, and technology-enabled testing techniques to improve audit efficiency and coverage.
• Promote a culture of quality, independence, and professional skepticism within the audit function.
• Reporting & Stakeholder Communication
• Deliver clear, concise audit reports and executive-ready summaries that communicate risk, impact, and priorities effectively.
• Present audit results to senior management and risk committees, articulating complex technical issues in business-relevant terms.
• Maintain strong, professional relationships with stakeholders while preserving Interna