IT Compliance Sr. Analyst

About The Position

Requirements

• Strong understanding of SOX ITGCs, application controls, and IT audit methodologies.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Ability to interpret regulatory requirements and translate them into actionable controls.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Excellent communication and stakeholder management skills.
• Ability to work independently on complex tasks while contributing to team initiatives.
• High level of integrity and commitment to protecting organizational assets.
• Ability to analyze complex security issues and communicate findings clearly to technical and non-technical audiences.
• Hands-on experience with compliance management software (AuditBoard, OneTrust, Workiva) or similar enterprise security technologies.
• Hands-on experience with ERP business processes and roles and experience with access control software (SAP GRC, Pathlock, OpenPages) or similar enterprise technologies.
• Strong understanding of risk principles, authentication concepts, logging, SDLC, backup and restore, and change management.
• Deep understanding of segregation of duty principles and application.
• Ability to communicate complex technical issues to various audiences, including leadership.
• Demonstrates a strong understanding of control assessment techniques and processes.
• Strong analytic and problem-solving skills.
• Strong oral & written communications to include report development and delivery.
• 5–7 years of experience in IT compliance, IT audit, SOX/ITGC, or IT risk management.
• 3+ years of hands-on experience supporting SAP environments, preferably supporting SAP FI modules.
• Strong knowledge of IT controls over SAP financial systems, including access provisioning, segregation of duties, change management, batch processing, and system security.
• Demonstrated experience supporting SOX compliance by performing and coordinating audit testing, walkthroughs, and remediation activities in systems impacting financial reporting.
• Demonstrated ability to assess risks impacting financial reporting, evaluate control design and operating effectiveness, and support remediation of identified deficiencies.
• Experience collaborating with cross-functional stakeholders, including finance, IT, SAP security, internal audit, and external auditors, to maintain a strong controls environment.
• Working knowledge of SAP financial processes and underlying security/control considerations across key business areas such as general ledger, accounts payable, accounts receivable, cost accounting, and fixed assets.
• Experience with compliance documentation, audit coordination, issue tracking, and continuous improvement of IT control processes.
• Ability to operate independently, manage multiple priorities, and communicate effectively with both technical and non-technical audiences.
• Strong knowledge of Cloud security (Azure, AWS, or GCP)
• Experience with SAP or IAM security environments.
• Identity and access management concepts.
• Knowledge of automation/reporting tools such as Power BI or Power Automate.
• Security frameworks (NIST CSF, CIS Controls, ISO 27001).

Nice To Haves

• Experience supporting frameworks and regulations such as SOX, ISO 27001, NIST, HIPAA, or GDPR is preferred.
• Industry risk certification a strong plus (CPA, CISA, CRISC, or CISM).

Responsibilities

• Lead SOX ITGC and application control testing, including design and operating effectiveness assessments.
• Conduct control evaluations, compliance reviews and risk assessments.
• Perform control design analysis and recommend improvements to IT processes.
• Coordinate and lead walkthroughs with internal and external auditors.
• Manage remediation plans, validate corrective actions, and ensure timely closure.
• Develop and maintain IT compliance policies, standards, and procedures.
• Provide guidance and mentoring to junior analysts.
• Partners with IT and PMO teams to embed compliance requirements into system design, cloud environments, and operational processes.
• Evaluate new technologies and system changes for compliance impact.
• Act as a liaison between IT, business units, and leadership on compliance matters.
• Researching and documenting security and compliance best practices for devices, applications, and emerging technologies.
• Evaluate compliance with the organization's security policies and making recommendations for areas of improvement.
• Researching and documenting compliance best practices for systems, applications, and emerging technologies.
• Experience navigating complex organizations, developing, and delivering vision through various communication strategies and presentations to senior-level executives and technical audiences.