IT Audit & Compliance Analyst

Mascoma Bank, White River Junction, VT

About The Position

Mascoma Bank is looking for an IT Audit & Compliance Analyst to join our Information Technology team. In this role, you will support the Bank’s technology risk, audit, and access governance programs by reviewing user access, evaluating internal IT controls, and helping ensure our systems and practices meet regulatory, audit, and information security expectations.

Requirements

  • Bachelor’s degree in Information Systems, Computer Science, or a related field, or an equivalent combination of education and experience.
  • 3–5+ years of experience in IT audit, IT controls, information security, identity and access management, or IT risk, preferably in banking, financial services, or another regulated environment.
  • Working knowledge of GLBA, FDICIA, IT general control expectations, and NIST Cybersecurity Framework concepts.
  • Experience conducting or supporting user access reviews and IT control testing.
  • Strong analytical, organizational, and documentation skills.
  • Ability to communicate risk and control concepts clearly to both technical and non-technical audiences.
  • Ability to work independently, manage multiple reviews at once, and handle confidential information with discretion.

Nice To Haves

  • Relevant certifications such as ISACA IT Audit Fundamentals, CISA, or CIA are preferred.

Responsibilities

  • Perform scheduled and risk-based user access reviews across core banking, lending, deposit, digital, infrastructure, cloud, and third-party systems.
  • Evaluate access against least-privilege, segregation-of-duties, and role-based access control principles.
  • Identify and document access concerns such as dormant, terminated, shared, or over-privileged accounts, and partner with system owners to drive timely remediation.
  • Review privileged, administrative, service, and emergency access on a defined cadence.
  • Verify timely access provisioning, transfers, and de-provisioning in partnership with People Resources and IT Support.
  • Maintain accurate evidence, documentation, and audit trails to support internal audit, external audit, and regulatory examination needs.
  • Assess the design and operating effectiveness of IT general controls across areas such as change management, logical access, computer operations, backup and recovery, and incident response.
  • Test adherence to IT policies, standards, and procedures, and identify gaps between documented processes and actual practice.
  • Partner with business line managers to determine appropriate system access profiles for new or changing roles.
  • Recommend and document role-based access templates that support strong controls and effective business operations.
  • Help managers understand access request standards, recertification responsibilities, and the business rationale for control requirements.
  • Coordinate with IT, Risk, and Compliance teams to support audit plans, regulatory requests, evidence gathering, issue tracking, and corrective action follow-up.

Benefits

  • Professional development
  • Community outreach activities
  • Personal growth workshops
  • Team-building opportunities