IT Controls & Compliance Analyst

Modivcare, Denver, CO

About The Position

Modivcare is looking for an experienced IT Controls & Compliance Analyst to join our team, supporting enterprise-wide IT governance, compliance, risk management, and audit initiatives. This role is responsible for helping ensure compliance with regulatory requirements and industry standards including SOX, HITRUST, HIPAA, SOC 2, ISO 27001, and related control frameworks. The ideal candidate will bring strong experience in IT General Controls (ITGCs), audit coordination, compliance monitoring, and governance processes, while partnering cross-functionally to strengthen the organization’s overall compliance posture.

Requirements

  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems, Information Security/Cyber Security, or a related field preferred.
  • Five (5) or more years of experience in IT compliance, IT audit, information security governance, risk management, or related areas.
  • Experience supporting IT audits, IT General Controls (ITGC) testing, compliance assessments, and external audit engagements, including HITRUST, SOC 2, ISO 27001, and SOX preferred.
  • CISA certification strongly preferred.
  • CISSP, CRISC, ITIL, GIAC, or related certifications are a plus.
  • Equivalent combinations of education and experience may be considered.
  • Strong knowledge of IT governance, compliance, audit, and risk management principles and practices.
  • Experience supporting and coordinating compliance programs, audits, assessments, and remediation activities across multiple regulatory and industry frameworks.
  • Knowledge of regulatory requirements and industry standards, including HIPAA, HITRUST, SOX, SOC 2, NIST CSF, NIST 800-53, ISO 27001, and CCPA.
  • Strong understanding of IT General Controls (ITGCs), IT audit methodologies, control testing techniques, evidence evaluation, and core control domains, including logical access, change management, SDLC, privileged access, and logging and monitoring controls.
  • Experience developing and maintaining policies, procedures, controls, standards, narratives, and governance documentation within an enterprise GRC program.
  • Experience working with GRC platforms, compliance workflows, audit evidence management, reporting processes, and control tracking activities.
  • Ability to analyze technical processes, system control environments, audit evidence, large data sets, and system-generated reports to identify risks, control deficiencies, and practical remediation solutions.
  • Familiarity with scripting languages, automation platforms, data analytics, and AI-assisted technologies used to improve control testing, evidence collection, compliance monitoring, and audit operations.
  • Strong organizational, analytical, problem-solving, and project coordination skills with attention to detail.
  • Effective verbal and written communication skills with the ability to collaborate across technical, operational, and leadership teams.
  • Ability to manage multiple priorities and adapt effectively in a fast-paced environment.
  • Proficient in Microsoft Office products, including Word, Excel, Outlook, and PowerPoint.
  • Familiarity with quantitative risk analysis methodologies, including FAIR, is a plus.

Nice To Haves

  • HITRUST, SOC 2, ISO 27001, and SOX preferred.
  • CISA certification strongly preferred.
  • CISSP, CRISC, ITIL, GIAC, or related certifications are a plus.
  • Familiarity with quantitative risk analysis methodologies, including FAIR, is a plus.

Responsibilities

  • Develops, implements, and maintains IT compliance policies, procedures, processes, and controls supporting regulatory, customer, and industry requirements, including HIPAA, HITRUST, SOX, SOC 2, ISO 27001, and CCPA.
  • Leads and coordinates internal and external IT audits, assessments, and compliance engagements, including audit planning, evidence collection, remediation tracking, and coordination with business stakeholders and third-party assessors.
  • Manages and optimizes Governance, Risk & Compliance (GRC) processes, workflows, tooling, reporting, and monitoring activities supporting control testing, audit readiness, evidence management, remediation tracking, and continuous compliance monitoring.
  • Conducts and supports routine and ad hoc testing of IT General Controls (ITGCs), automated controls, application controls, and related compliance processes through walkthroughs, evidence validation, technical analysis, and control testing activities.
  • Reviews and analyzes technical evidence, system-generated reports, and control artifacts to validate compliance with established policies, standards, and control requirements.
  • Collaborates with technical teams to evaluate system configurations, access controls, change management activities, logging, monitoring, and other technical controls supporting compliance and audit objectives.
  • Supports customer compliance activities and audit requests, including responding to customer security and compliance inquiries and maintaining compliance-related reporting commitments.
  • Supports continuous compliance and controls monitoring initiatives through automation, data analytics, governance reporting, and control performance tracking activities.
  • Reviews and maintains IT security policies, standards, and governance documentation to align with industry frameworks and organizational requirements, including NIST CSF, NIST 800-53, and ISO 27001.
  • Supports IT risk management activities, including vulnerability management, patch governance, third-party risk assessments, POAM management, remediation tracking, and security awareness initiatives.
  • Ensures IT staff understand assigned compliance responsibilities, risks, and controls through communication, coordination, and training support activities.
  • Identifies opportunities to improve compliance, audit, and governance operations through process optimization, control automation, scripting, data analytics, GRC enhancements, and emerging AI-assisted capabilities.
  • Ensures compliance commitments and audit activities are completed accurately and within established timelines.
  • May lead projects and perform additional duties as assigned, including occasional business travel as required.
  • This role does not have direct supervisory responsibilities.

Benefits

  • Medical, Dental, and Vision insurance
  • Employer Paid Basic Life Insurance and AD&D
  • Voluntary Life Insurance (Employee/Spouse/Child)
  • Health Care and Dependent Care Flexible Spending Accounts
  • Pre-Tax and Post-Tax Commuter and Parking Benefits
  • 401(k) Retirement Savings Plan with Company Match
  • Paid Time Off
  • Paid Parental Leave
  • Short-Term and Long-Term Disability
  • Tuition Reimbursement
  • Employee Discounts (retail, hotel, food, restaurants, car rental and much more!)