IT Governance – Risk & Compliance Analyst

Company: Newrez
Location: Coppell, TX, USA; Greenville, SC, USA; Ambler, PA, USA
Salary: Not Provided
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level

Requirements

  • Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience
  • Holds or is working toward one or more of the following: CISSP, CISA, CRISC, CGEIT, or GRCP
  • 3+ years’ experience in cybersecurity or audit, with exposure to various security frameworks
  • Experience and understanding of various regulatory requirements and laws, including but not limited to: SOX, FFIEC and GLBA
  • Additional experience in one or more of the following: ISO 2700X, ITIL, or NIST

Responsibilities

  • Support IT compliance program: Assist in developing, implementing, and executing the Company’s IT compliance program.
  • Identify SOX/SOC/Regulatory issues: Determine the proper root cause and provide guidance on potential remediation actions.
  • Identify and address audit concerns: Recognize existing or potential issues and conduct further research, as necessary.
  • Collaborate with cross-functional teams: Interface with various departments, consultants, and vendors to participate in SOX/SOC audits and recommendations meetings.
  • Liaise with auditors: Facilitate communication with external and internal auditors, acting as a liaison between auditors and the IT department.
  • Align policies and procedures: Provide input to align IT and Security policies, standards, and procedures with compliance requirements.
  • Support compliance with laws and regulations: Assist process owners, control owners, control performers, and compliance coordinators in ensuring controls are well-defined and compliant with applicable laws and regulations.
  • Continuous monitoring: Experience in building control testing and evidence collection to efficiently gather evidence and analyze the effectiveness of controls.
  • Evaluate security and controls: Assess the security and controls of various on-premises and cloud-based technologies.
  • Create documentation as needed and ensure it reflects a high level of quality.
  • Additional duties as required by management.

Preferred Qualifications

    No preferred qualifications provided.