Senior IT Compliance Analyst

Company: CAI
Location: Miramar, FL, USA
Salary: $70 – $80
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • Bachelor’s degree in information technology/security or computer science is preferred. Non-technical degrees with Computer Science fundamentals will be considered when combined with technology experience
  • 7+ years of experience in Information Security, IT Compliance, and/or internal/external Audit. Big 4 experience with SEC clients preferred.
  • Expert with Microsoft Office suite of applications, especially Excel
  • Attention to detail and ability to produce quality deliverables while managing multiple priorities and deadlines
  • Expertise in auditing all system layers (i.e., application, database, and operating system) to ensure that controls are in place
  • Technical experience auditing Windows, IBM i, iSeries, AS/400, Unix/Linux operating systems; Oracle and SQL databases
  • Demonstrated experience in performing SOX audits across the entire project lifecycle
  • Operational knowledge of the deployment of Information Security frameworks such as COBIT, NIST, ISO, FISMA, etc.
  • Excellent verbal, presentation, and written communication skills for both technical and non-technical audiences

Responsibilities

  • Conduct SOX readiness assessments to identify ITGC gaps in newly developed and acquired applications
  • Partner with IT teams, product owners, and application owners to ensure timely remediation of control gaps
  • Design and help implement effective, sustainable ITGCs aligned with SOX requirements
  • Facilitate interviews with key stakeholders to understand current-state processes and provide actionable guidance on IT compliance best practices
  • Collect and manage evidence to ensure controls are operating effectively and can withstand internal and external audit scrutiny
  • Develop deliverables that are auditable, traceable, and repeatable for future re-performance by audit teams
  • Provide timely and transparent status reports, schedule activities, and manage documentation throughout the assessment lifecycle
  • Leverage tools such as JIRA and ServiceNow to support issue tracking, project workflow, and documentation
  • Support both Agile and Waterfall SDLC methodologies during control design and implementation
  • Escalate risks, challenges, and potential delays promptly with proposed solutions to avoid project slowdowns
  • Foster collaboration across teams to accelerate readiness work and ensure compliance requirements are met

Preferred Qualifications

  • At least one Information Security certification such as CISA, CISSP, PMP, CRISC, etc. is preferred
  • Prior involvement with pre-production application readiness assessments and/or implementation of ITGC controls
  • Prior experience designing, implementing, and/or executing a SOX or audit readiness program
  • Knowledge of SDLC controls and best practices
  • Smartsheet, JIRA/Confluence, and PowerBI experience
  • Experience using and/or maintaining the ServiceNow GRC module
  • Compliance or auditing experience performing or supporting SOC 1, SOC 2, GDPR, PCI-DSS assessments
  • Experience auditing ESG requirements is highly desired