IT Risk Management Specialist

About The Position

Requirements

• Experience: 6+ years of progressive IT audit and compliance experience, preferably in a large enterprise or highly regulated environment.
• Framework Expertise: Hands-on experience with SOX, SOC, FedRAMP, and PCI frameworks, including the implementation and auditing of ITGCs and system security controls.
• Technical Knowledge: Working knowledge of industry-recognized frameworks such as NIST 800-53 (FedRAMP), ISO/IEC 27001 (including Annex A controls), and COBIT, with proven ability to map controls for unified compliance strategies.
• Risk Management: Strong foundation in IT risk management, governance, and data protection principles, with a demonstrated ability to identify compliance gaps and design effective controls.
• Process & Documentation: Proficiency in process design and documentation, including the ability to develop and optimize workflows, policies, and robust Standard Operating Procedures (SOPs).
• Communication: Exceptional written communication and technical writing skills, with the ability to produce clear and concise compliance reports, governance policies, and training materials for all audience levels.
• Adaptability: Demonstrated ability to adapt control design and audit planning to complex environments with system limitations and evolving business requirements.

Responsibilities

• IT Audit & Compliance Program Management: Lead and support recurring IT system audits, ensuring compliance verification and adherence to Electronic Audit Evidence (EAE) requirements.
• Plan, execute, and document audit testing activities, including Tests of Design (TODs), Tests of Effectiveness (TOEs), and Quarterly Access Reviews (QARs).
• Design and operationalize recurring audit procedures, Standard Operating Procedures (SOPs), and evidence collection frameworks for SOX, FedRAMP, and internal governance.
• Assist in external audit walkthroughs, control documentation preparation, and alignment of evidence with auditor expectations.
• Governance & Control Implementation: Monitor, assess, and enforce compliance with SOX, SOC, and internal IT General Control (ITGC) requirements, driving continuous improvement and remediation of identified gaps.
• Design, implement, and maintain FedRAMP-related controls for IT systems, ensuring alignment with NIST 800-53 security and privacy controls.
• Contribute to the development and maintenance of a unified IT compliance framework, integrating requirements from ISO 27001, SOC 2, FedRAMP, and internal risk objectives to reduce audit fatigue.
• Data Governance & Quality: Lead the design, implementation, and enhancement of Data Governance processes, including facilitating stakeholder alignment and developing policy documentation.
• Lead data stewardship initiatives and promote the ownership of data quality and security best practices across the enterprise.
• Training & Collaboration: Collaborate with cross-functional teams (IT Security, Infrastructure, Data Owners) to remediate compliance gaps and uphold governance standards.
• Assist in training efforts for QAR owners, control performers, and IT stakeholders on evidence expectations, validation procedures, and governance alignment.