Principal IT Security Analyst

Newrez LLC, Coppell, TX
2d, Onsite

About The Position

The Principal IT Security Analyst is a senior subject matter contributor within the Information Security organization, serving as a key facilitator for IT and security-related audits and compliance activities. This role is a hybrid of auditor, security operations awareness, and security engineering/architecture input, with primary emphasis on audit facilitation, stakeholder communication, and audit readiness rather than hands-on tool administration. The position acts as a central liaison between auditors, technical teams, control owners, and leadership, ensuring audit requirements are clearly understood, evidence is well organized, and audit outcomes are communicated effectively.

Requirements

  • Bachelor’s degree in Computer Science, Information Systems, Information Assurance, or equivalent professional experience.
  • 5–7+ years of experience in IT audit, IT compliance, information security, or regulatory assurance roles.
  • Demonstrated experience supporting SOX, SOC, and security-related audits in complex environments.
  • Strong understanding of IT and security control environments and audit methodologies.
  • Strong knowledge of IT and security controls, governance concepts, and audit practices.
  • Ability to operate effectively as an audit facilitator and liaison, rather than a hands-on security operator.
  • Working knowledge of security architectures, cloud environments, and common security technologies sufficient to support audit discussions.
  • Excellent written and verbal communication skills, including the ability to present complex topics to executive audiences.
  • Strong organizational skills with the ability to manage multiple audit activities and deadlines simultaneously.
  • High attention to detail while maintaining the ability to synthesize information into clear audit narratives.
  • Ability to influence and coordinate across technical and business teams without direct authority.
  • Sound judgment in identifying risk, prioritizing issues, and supporting remediation discussions.

Nice To Haves

  • Professional certifications such as CISA, CISSP, CRISC, CGEIT, GRCP, or similar preferred or in progress.

Responsibilities

  • Serve as the primary point of contact for internal and external auditors supporting SOX, SOC, and other regulatory or assurance engagements.
  • Facilitate communication between auditors, Information Security, IT, and business stakeholders to ensure consistent understanding of audit scope and expectations.
  • Coordinate the end-to-end audit lifecycle, including planning, walkthrough scheduling, evidence collection, follow-up, and issue closure.
  • Assist in developing, implementing, and executing the organization’s IT and security compliance program.
  • Identify audit issues, documentation gaps, and control weaknesses, including approvals, segregation of duties, and evidence sufficiency concerns.
  • Support root cause analysis discussions and guide stakeholders toward practical, risk-appropriate remediation actions.
  • Track audit findings, management responses, and remediation commitments through completion.
  • Prepare clear, concise audit status updates, summaries, and executive-level communications.
  • Support leadership with audit narratives, management responses, and clarification of control intent.
  • Assist control owners and performers in understanding compliance expectations and evidence standards.
  • Provide input to align Information Security and IT policies, standards, and procedures with audit and regulatory requirements.
  • Promote consistency, quality, and repeatability in audit documentation and evidence collection processes.
  • Evaluate IT and security controls across on-premises and cloud environments to assess audit impact and readiness.
  • Apply working knowledge of security architecture, cloud platforms, and security tooling to contextualize audit requirements and discussions.
  • Participate in architecture or design discussions as needed to assess control alignment and audit implications, without owning technical implementation.
  • Develop and maintain high-quality audit documentation, control narratives, and support artifacts.
  • Support the development of audit-related metrics and reporting to monitor program effectiveness and risk trends.
  • Escalate unresolved audit or compliance concerns using established governance processes.
  • Ability to effectively and accurately convey information to others.
  • Perform related duties as assigned by management.

Benefits

  • Medical, dental, and vision insurance
  • Health Savings Account with employer contribution
  • 401(k) Retirement plan with employer match
  • Paid Maternity Leave/Parental Bonding Leave/Caregiver Leave
  • Adoption Assistance
  • Tuition & Certification reimbursement
  • Employee Mortgage Loan Program
  • The Newrez Employee Emergency and Disaster Fund is a program to support our team members experiencing hardships
  • 1 company-paid Volunteer Time Off day (with over 40,000 volunteer hours contributed since our inception)
  • Matching Gifts Program - dollar-for-dollar up to $1,000
  • Access to grants, nonprofit resources, and volunteer opportunities