Lead DI Security and Compliance Analyst

About The Position

Requirements

• Bachelor's Degree or Equivalent Years of Relevant Work Experience
• Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

Nice To Haves

• Typically requires 12+ years of relevant experience
• Minimum of 3+ years of progressive experience in one or more of the following: information technology, information security, IT compliance, or IT audit.
• Demonstrated hands-on experience with IT General Controls (ITGC) design, documentation, and testing within a SOX-regulated environment.
• Experience working within or supporting a second line of defense function, internal audit team, or external audit engagement in an IT capacity.
• Strong understanding of risk assessment methodologies and the ability to evaluate and document IT risk.
• Familiarity with enterprise IT environments, including ERP systems (SAP, Oracle, Workday, Salesforce, IFS Cloud) cloud infrastructure (AWS, Azure, GCP), and identity governance and SOD technology platforms.
• Technical Knowledge Experience and proficient with Security Operations, Access Management, Platform Security, and Data Security technologies at an engineering or architecture level.
• Solid understanding of IT control frameworks: COSO, COBIT, NIST Cybersecurity Framework (CSF), ISO 27001, and SOX 302/404.
• Working knowledge of cybersecurity principles including access management, identity governance, vulnerability management, and data protection.
• Familiarity with common enterprise application controls, database controls, and infrastructure controls relevant to IT audit.
• Audit Experience Experience in auditing, compliance, or risk management role with responsibility for risk assessments, ITGC walkthroughs, and control testing.
• Exposure to audits conducted under PCAOB standards (AS 2201) is plus.
• Industry Certifications CISA, CISM, CISSP, CIA, CPA
• Core Competencies IT General Controls (ITGC) expertise
• Security Architecture or Engineering experience
• SOX 404 compliance and testing
• Risk assessment and risk register management
• Access management and identity governance
• Cybersecurity frameworks (NIST, ISO 27001, COBIT)
• Professional Competencies Cross-functional stakeholder communication
• Executive-level written and verbal reporting
• Project and audit lifecycle management
• Training development and facilitation

Responsibilities

• Conduct annual and ad hoc IT risk assessments to identify, evaluate, and prioritize risks across the IT environment.
• Perform second-line-of-defense control testing across ITGC domains, including role-based access reviews, segregation of duties (SoD) analysis, change management sampling, and operational control testing.
• Monitor the effectiveness of first-line control self-assessments (CSAs) and provide feedback to strengthen the first line of defense.
• Conduct periodic access recertification reviews and support User Access Reviews (UARs) for in-scope systems.
• Identify trends in control failures and emerging risks, escalating systemic issues to leadership with actionable recommendations.
• Develop and maintain standardized tools, guidance materials, and training programs to build organizational GRC capability and ensure audit preparedness.
• Develop, maintain, and distribute IT audit readiness checklists tailored to control domains, audit cycles, and specific regulatory requirements.
• Design and deliver training programs and awareness sessions for IT control owners, process owners, and first-line staff on ITGC requirements, SOX compliance, and evidence collection best practices.
• Maintain a GRC knowledge base and content for ongoing stakeholder reference.
• Act as a key point of contact between the CISO organization, Internal Audit, and the Risk & Controls function and other technology functions, fostering a collaborative and transparent governance culture.
• Build and maintain trusted relationships with Internal Audit leadership, Risk & Controls management, IT leadership, and business process owners.
• Provide regular status reporting on audit activities, risk posture, and control effectiveness to the CISO and senior IT leadership.

Benefits

• Health Insurance including Medical, Dental and Vision
• 401k
• Paid Time off
• Parental and Caregiver Leave
• Flexible Work Schedule