ABOUT US

Coastal is at the forefront of modern banking, combining strong financial infrastructure with cutting-edge Banking-as-a-Service (BaaS) and fintech enablement strategies. We support not only individuals with their personal banking needs; we also empower businesses by integrating modern banking technology that drives growth, flexibility, and innovation. At Coastal, we think and move like entrepreneurs; focused on impact, speed, and continuous improvement. We believe in working smart, collaborating deeply, and building solutions that unlock real potential. If you're someone who thrives in a fast-moving environment, loves solving complex problems, and wants to help shape the future of banking, we’d love to meet you.

OVERVIEW

The Internal Auditor Lead – Information Technology serves as a senior, hands-on audit executor responsible for assessing the design and operating effectiveness of Coastal’s technology, cybersecurity, and IT risk management practices. This role performs complex technology and cyber audits across infrastructure, cloud, identity, applications, data, and third-party environments, with primary alignment to the FFIEC IT Examination Handbooks, CRI Profile, and applicable regulatory requirements. You will independently evaluate governance, risk management, and control execution; perform risk-based audit planning; execute end-to-end audits; and deliver clear, defensible audit opinions and issues. The role blends deep technical understanding with strong audit judgment, professional skepticism, and regulatory fluency. You will partner closely with Information Technology, Information Security, Risk Management, Compliance, Engineering, and business stakeholders. This position also acts as a subject matter expert and mentor within Internal Audit, helping evolve audit methodologies, testing approaches, and the use of automation and data analytics to enhance audit quality and efficiency.

RESPONSIBILITIES TO INCLUDE

• Audit Planning & Risk Assessment
• Perform planning and scoping for technology and cybersecurity audits, leveraging enterprise risk assessments, regulatory priorities, emerging threats, and business changes.
• Perform and document technology and cyber risk assessments to identify key inherent risks, control dependencies, and areas of heightened regulatory and operational exposure.
• Maintain alignment of audit coverage with the FFIEC IT Examination Handbooks, CRI Profile, and Internal Audit standards.
• Audit Execution & Control Evaluation
• Lead and execute end-to-end technology and cybersecurity audits, including: IT governance and risk management, Identity and access management, Cloud and infrastructure security, Network and endpoint security, Secure configuration and vulnerability management, SDLC, change management, and DevOps controls, and Data protection and resilience (BCP/DR)
• Perform Test of Design (“TOD”) and Test of Operating Effectiveness (“TOE”) using walkthroughs, sampling, inspection, inquiry, and re-performance.
• Develop clear, high-quality audit workpapers that support conclusions and comply with Internal Audit methodology and IIA standards.
• Assess control maturity, sustainability, and consistency.
• Issues Management & Validation
• Identify, evaluate, and clearly articulate control deficiencies, root causes, and risk impacts.
• Draft concise, risk-based audit issues with well-supported severity ratings and actionable recommendations.
• Validate remediation plans for adequacy and sustainability; perform issue validation testing to confirm effective closure.
• Identify thematic issues and emerging risks to inform management and future audit planning.
• Regulatory Exams & Audit Coordination
• Support and coordinate with regulatory examiners, external auditors, and independent assessors for technology and cybersecurity-related reviews.
• Provide credible challenge to management responses and ensure Internal Audit positions are consistent, defensible, and regulator-ready.
• Assist in aligning Internal Audit perspectives with evolving regulatory guidance and supervisory expectations.
• Audit Methodology, Automation & Quality
• Contribute to the continuous improvement of Internal Audit’s technology audit methodology, testing standards, and documentation practices.
• Leverage data analytics, automation, and technology-enabled testing techniques to improve audit efficiency and coverage.
• Promote a culture of quality, independence, and professional skepticism within the audit function.
• Reporting & Stakeholder Communication
• Deliver clear, concise audit reports and executive-ready summaries that communicate risk, impact, and priorities effectively.
• Present audit results to senior management and risk committees, articulating complex technical issues in business-relevant terms.
• Maintain strong, professional relationships with stakeholders while preserving Internal Audit independence.

QUALIFICATIONS

• Demonstrated expertise applying FFIEC IT Examination Handbooks and the CRI Profile within an Internal Audit or independent assurance context.
• Strong understanding of technology and cybersecurity control frameworks, including NIST CSF, NIST SP 800-53, and their application in regulated financial institutions.
• Hands-on experience auditing modern technology environments, including cloud platforms, identity systems, networks, operating systems, applications, and third parties.
• Ability to assess both technical control effectiveness and governance/process maturity.
• Experience using data analytics, scripting, or automated techniques to support audit testing (e.g., SQL, Python, PowerShell, APIs, or audit analytics tools).
• Excellent written and verbal communication skills, with the ability to influence, challenge, and educate stakeholders at all levels.
• Strong audit judgment, attention to detail, and ability to manage multiple audits and priorities concurrently

EDUCATION/EXPERIENCE

• Bachelor’s/University degree in Information Systems, Computer Science, Cybersecurity, Accounting, or a related field required.
• 4+ years of experience in Internal Audit, Technology Risk, Cybersecurity Risk, IT Risk Management, or related assurance roles; financial services experience strongly preferred.
• Professional certification, such as CIA, CRISC, CISA, CISSP, CISM preferred.

HOW YOU’LL THRIVE AT COASTAL

• Be the Best – Communicate effectively, pay close attention to detail, and prioritize your personal development.
• Be Relentless – Thrive in a goal-oriented environment exercising both patience and persistence. Advocate for our customers and team members and strive to promote the Coastal Difference.
• Be Un-Bankey – Be a forward thinker with a creative mindset. Build long-lasting relationships promoting the Coastal Difference, built on a foundation of integrity, honesty, and trust.
• Embrace Gray Thinking – Use sound judgment while decision-making and problem-solving. Think outside the box.
• Stay Flexible – Organize and strategize effectively while always being prepared to adapt on the fly. Seek efficiencies for Coastal to work smarter, not harder.
• Take Care of Each Other – Understand what it means to be a true team player and have your teammate's back. Practice self-awareness and build your emotional intelligence.

BEING YOU AT COASTAL

Coastal is an equal opportunity employer. We are committed to providing a workplace free from discrimination and harassment. All employment decisions are based on merit, qualifications, and business needs. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or any other protected status under applicable laws.

BENEFITS WE OFFER

We’re proud to offer a comprehensive benefits package designed to support your health, financial well-being, and work-life balance. Check out our benefits on our careers site! Our offerings include:

• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
• Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
• Long-Term (LTD)/Short-Term Disability (STD): Income protection in the event of a long-term illness or injury.
• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
• Holidays: Enjoy 11 paid holidays throughout the year.

PHYSICAL DEMANDS

The physical demands described below are required to perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee must be able to:

• Sit for extended periods of time.
• Stand for extended periods of time.
• Perform repetitive finger, hand, and arm movement.
• Use electronic office equipment such as a computer keyboard, mouse, ten key, telephone, etc.
• View and read computer screens for extended periods.
• Occasionally stoop, kneel, crouch, or crawl.
• Occasionally lift or move up to 10 pounds.

OTHER DUTIES

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

#LI-Remote