IT Assurance and Compliance Analyst

About The Position

Requirements

• Develop, maintain, and improve compliance documentation and guidance, including system security plans, policies, procedures, and control libraries.
• Communicate and collaborate with IT teams to strengthen SOX control performance, improve security compliance, and support a consistent, well‑governed control environment.
• Bachelor’s degree in Auditing, Management Information Systems, Information Assurance, Cybersecurity or related area.
• 2+ years of Information Technology Auditing or Consulting work experience.
• Experience leading, coaching and training others as a team leader, or formal supervisor experience.
• Experience with Sarbanes Oxley (SOX), COSO, CoBIT, DFARS 252.204-7012, ISO 27001, and NIST SP800-171.
• Experience leveraging auditing principles and methods to evaluate policies, processes, and systems to identify risks and control gaps.
• Experience documenting, understanding, and evaluating IT governance and risk management concepts and IT general controls and practices, such as IT infrastructure, cybersecurity, change management, and application control processes.
• Ability to identify risks and propose feasible and effective solutions, and document and communicate findings and recommendations to management.
• Clear articulation and exceptional written and verbal communication skills.
• Strong people skills and ability to work collaboratively and cooperatively with external auditors/assessors and employees irrespective of their status in the organization.
• Strong organizational and project management skills, including ability to multi-task with shifting deadlines.
• Ability to work independently, with minimal direction in a complex environment.

Nice To Haves

• CIA, CISA, CRISC, ISO 27001 and other certifications
• Experience in a regulated industry such as Government Contracting
• Experience supporting IT SOX programs end to end (walkthroughs, testing coordination, evidence requests, deficiency analysis, remediation validation).
• Experience using ServiceNow IRM or compliance management

Responsibilities

• Coordinate, facilitate, and support IT SOX compliance activities as the primary focus of the role, including walkthroughs, evidence collection, ITGC testing support, remediation tracking, and audit readiness.
• Support internal and external IT SOX audits, ISO 27001 internal assessments, and special audits, as well as third‑party compliance assessments for IT‑relevant services (e.g., NIST SP 800‑ 171, CMMC) as needed.
• Monitor remediation and corrective action plans across Corporate and program enclaves, ensuring timely and complete resolution of SOX findings and broader compliance issues.
• Develop, maintain, and improve compliance documentation and guidance, including system security plans, policies, procedures, and control libraries.
• Communicate and collaborate with IT teams to strengthen SOX control performance, improve security compliance, and support a consistent, well‑governed control environment.
• Build and maintain strong working relationships across IT, cybersecurity, infrastructure, and business stakeholders at all organizational levels.
• Assist with IT compliance and assurance special projects as required, including process maturity initiatives and control automation efforts.
• Research and stay current on evolving IT regulatory requirements—particularly SOX and SEC requirements—while gaining exposure to cybersecurity frameworks (NIST 800‑X), DFARS, and CMMC regulations.
• Maintain a continuous learning mindset as technologies, regulations, and compliance frameworks evolve.

Benefits

• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits
• flexible time off benefit
• robust learning resources