Analyst- IT Controls and Compliance (Hybrid)

Responsible for performing self-assessments of IT controls and processes in support of management’s internal risk assessment process. Provides ongoing information, guidance and support to assists with continuous improvement and maturity of the IT controls and compliance (ITCC) program.Works with personnel across all levels of the organization. In-depth knowledge of IT general controls, IT audit fundamentals and process analysis are required.

This role is hybrid: onsite two days per week, work from home three days per week.

What You’ll Do

• Assist in the creation of an IT risk assessment, and develop self-assessment programs to evaluate areas of risk or concern based on regulatory, customer, internal and best practice requirements across the enterprise
• Perform ITCC self-assessments over IT controls and processes, analyze evidence, and provide recommendations to remediate findings and improve the control environment
• Advise management on the design and implementation of control activities that reduce risk, add value, and mature the control environment
• Assist in the development, maintenance and implementation of ITCC tools and processes to streamline and automate compliance and control activities
• Support the enterprise Information Security and IT compliance awareness, communication, and education programs
• Provide excellent customer service in support of program activities
• Develop and maintain an ongoing relationship with control owners and key stakeholders including Information Security, IT, business lines, Internal Audit, and external third parties
• Assist with the maintenance and update of ITCC program documents
• Maintain an understanding of Company and IT objectives and risks
• Assist with other Information Security and ITCC initiatives as needed
• Perform ongoing education and training in Information Security related areas
• Provide subject matter expertise related to IT General Controls and Information Security policies and standards
• Required to perform duties outside of normal work hours based on business needs.

What You’ll Bring

• In-depth knowledge of IT and Information Security control standards and frameworks (COBIT, ISO27001, SSAE16/SOC1/SOC2, etc.)
• Familiarity with governance, risk, and compliance tools (ServiceNow, etc.)
• In-depth knowledge of MS Excel
• Team player with positive energy and good customer service skills
• Ability to work independently, demonstrates initiative, and is a self-starter
• Ability to work effectively with all levels of the organization
• Bachelor’s Degree or equivalent experience
• Minimum 2 years relevant work experience in Information Security, IT Risk Management, IT Governance or IT Audit
• Effectively communicate IT compliance expectations to all levels of the organization including operational personnel executive management
• Gain support and consensus with multiple stakeholders and partners (internal and external)
• Manage multiple initiatives simultaneously, with strong ability to prioritize
• Respond appropriately to potential audit findings including vetting and assessment of risk
• Customer focused in the context of balancing risk reduction with business needs
• High attention to detail to manage, analyze and finalize artifacts and documents
• Highly developed oral and written communication skills; strong presentation skills
• Highly flexible, adapting to changes in priorities and requirements
• Development and maintenance program-related documentation (e.g., standard operating procedures)
• Ability to quickly learn, communicate and apply technical concepts
• Relevant, industry recognized security certification such as CISSP, CISA, CISM

Pay Range: $68,890- $97,000 Annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.