Security GRC IT Controls Analyst
Company | Core Scientific |
---|---|
Location | Austin, TX, USA; Miami, FL, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior, Expert or higher |
Requirements
- Bachelor’s degree in Information Technology, Accounting, Finance, or a related field.
- Strong analytical skills and the ability to dive deep to get to the root cause.
- Excellent communication and interpersonal skills.
- 5-10 years of experience in external audit, internal audit, SOX/SOC 2 compliance, IT audit, IT Security or a related IT governance role.
- Strong understanding of ITGC frameworks and control areas (e.g., access management, change management, backup, recovery, and operations).
- Experience with SOX 404 compliance testing.
- Experience working in a Big 4 firm leading IT compliance assessment initiatives is strongly desired.
- Experience managing supply chain risk management programs.
Responsibilities
- Facilitate ITGC assessments, including testing of access controls, change management, and IT operations, to ensure compliance with SOX and SOC 2 requirements.
- Identify and assess IT risks and control design or operating effectiveness gaps in processes, systems, and infrastructure. Propose remediation strategies to address identified risks.
- Develop and maintain documentation of ITGCs, control matrices, unified control frameworks, risk assessments, and testing methodology.
- Act as a key liaison between the internal compliance department and IT teams to facilitate SOX and SOC 2 testing and address any findings or inquiries.
- Collaborate with stakeholders to design, implement, and optimize controls and processes to strengthen IT governance.
- Track remediation efforts, escalate issues as needed, and report control statuses to management.
- Help develop and maintain IT policies, procedures, and standards that align with SOX, SOC 2 and Enterprise Security Compliance objectives.
- Guide business teams on SOX and SOC 2 compliance requirements as well as corporate security policies and best practices.
Preferred Qualifications
- Experience working in a Big 4 firm leading IT compliance assessment initiatives is strongly desired.
- Certifications (preferred): CRISC, CISA, CISSP, CPA, or similar certifications.