IT Assurance and Compliance Analyst

About The Position

Requirements

• Develop, maintain, and improve compliance documentation and guidance, including system security plans, policies, procedures, and control libraries.
• Communicate and collaborate with IT teams to strengthen SOX control performance, improve security compliance, and support a consistent, well Bachelor’s degree in Auditing, Management Information Systems, Information Assurance, Cybersecurity or related area.
• 2+ years of Information Technology Auditing or Consulting work experience.
• Experience leading, coaching and training others as a team leader, or formal supervisor experience.
• Experience with Sarbanes Oxley (SOX), COSO, CoBIT, DFARS 252.204-7012, ISO 27001, and NIST SP800-171.
• Experience leveraging auditing principles and methods to evaluate policies, processes, and systems to identify risks and control gaps.
• Experience documenting, understanding, and evaluating IT governance and risk management concepts and IT general controls and practices, such as IT infrastructure, cybersecurity, change management, and application control processes.
• Ability to identify risks and propose feasible and effective solutions, and document and communicate findings and recommendations to management.
• Clear articulation and exceptional written and verbal communication skills.
• Strong people skills and ability to work collaboratively and cooperatively with external auditors/assessors and employees irrespective of their status in the organization.
• Strong organizational and project management skills, including ability to multi-task with shifting deadlines.
• Ability to work independently, with minimal direction in a complex environment.

Nice To Haves

• CIA, CISA, CRISC, ISO 27001 and other certifications
• Experience in a regulated industry such as Government Contracting
• Experience supporting IT SOX programs end to end (walkthroughs, testing coordination, evidence requests, deficiency analysis, remediation validation).
• Experience using ServiceNow IRM or compliance management

Responsibilities

• Coordinate, facilitate, and support IT SOX compliance activities as the primary focus of the role, including walkthroughs, evidence collection, ITGC testing support, remediation tracking, and audit readiness.
• Support internal and external IT SOX audits, ISO 27001 internal assessments, and special audits, as well as third‑party compliance assessments for IT ‑ relevant services (e.g., NIST SP 800 ‑171, CMMC) as needed.
• Monitor remediation and corrective action plans across Corporate and program enclaves, ensuring timely and complete resolution of SOX findings and broader compliance issues.
• Develop, maintain, and improve compliance documentation and guidance, including system security plans, policies, procedures, and control libraries.
• Communicate and collaborate with IT teams to strengthen SOX control performance, improve security compliance, and support a consistent, well‑governed control environment.
• Build and maintain strong working relationships across IT, cybersecurity, infrastructure, and business stakeholders at all organizational levels.
• Assist with IT compliance and assurance special projects as required, including process maturity initiatives and control automation efforts.
• Research and stay current on evolving IT regulatory requirements—particularly SOX and SEC requirements—while gaining exposure to cybersecurity frameworks (NIST 800 ‑X), DFARS, and CMMC regulations.
• Maintain a continuous learning mindset as technologies, regulations, and compliance frameworks evolve.

Benefits

• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits