IT Assurance and Compliance Analyst

CACI•Oklahoma City, OK

2d•Hybrid

About The Position

CACI is seeking an experienced and relationship‑focused Cyber Risk and IT Compliance professional to join our Governance, Risk & Compliance organization. As an Information Assurance and Compliance Analyst, you will help shape and maintain the organization’s IT control environment by assessing internal controls, coordinating SOX IT audits, validating compliance with key regulatory frameworks, and partnering with IT and business owners to drive remediation activities. The analyst partners closely with cybersecurity, infrastructure, applications, and leadership teams to ensure that technology processes meet both internal and external standards.

Requirements

Bachelor’s degree in MIS, Information Assurance, Cybersecurity, Auditing, or a related discipline.
2+ years of experience in IT auditing, ITGC testing, IT consulting, or IT compliance.
Experience leading meetings and communicating effectively with technical and non‑technical stakeholders.
Working knowledge of SOX, COSO, COBIT, ISO 27001, DFARS 252.204‑7012, and NIST SP 800‑171.
Experience evaluating IT processes, controls, policies, and governance frameworks.
Ability to identify control gaps, assess risk, recommend solutions, and clearly communicate findings.
Exceptional written and verbal communication skills, with the ability to simplify complex issues.
Strong interpersonal skills and the ability to collaborate effectively with external auditors and internal teams.
Strong organizational skills with the ability to handle multiple workstreams and deadlines independently.
Demonstrated ability to operate with minimal supervision in a complex IT environment.

Nice To Haves

Professional certifications such as CISA, CIA, CRISC, or ISO 27001 Lead/Implementer.
Experience in a regulated industry (e.g., government contracting, defense, finance).
Hands‑on experience supporting end‑to‑end IT SOX programs (walkthroughs, testing coordination, evidence requests, remediation validation).
Experience using ServiceNow IRM or other GRC/compliance management platforms.

Responsibilities

Coordinate, facilitate, and support IT SOX compliance activities as the primary focus of the role, including walkthroughs, evidence collection, ITGC testing support, remediation tracking, and audit readiness.
Support internal and external IT SOX audits, ISO 27001 internal assessments, and special audits, as well as third‑party compliance assessments for IT ‑ relevant services (e.g., NIST SP 800 ‑ 171, CMMC) as needed.
Monitor remediation and corrective action plans across Corporate and program enclaves, ensuring timely and complete resolution of SOX findings and broader compliance issues.
Develop, maintain, and improve compliance documentation and guidance, including system security plans, policies, procedures, and control libraries.
Communicate and collaborate with IT teams to strengthen SOX control performance, improve security compliance, and support a consistent, well‑governed control environment.
Build and maintain strong working relationships across IT, cybersecurity, infrastructure, and business stakeholders at all organizational levels.
Assist with IT compliance and assurance special projects as required, including process maturity initiatives and control automation efforts.
Research and stay current on evolving IT regulatory requirements—particularly SOX and SEC requirements—while gaining exposure to cybersecurity frameworks (NIST 800 ‑X), DFARS, and CMMC regulations.
Maintain a continuous learning mindset as technologies, regulations, and compliance frameworks evolve.