Senior Analyst - IT Internal Controls

About The Position

Requirements

• Bachelor’s degree in Information Systems, Accounting, Finance, Computer Science, or related field.
• 4+ years of experience in IT audit, IT risk, information security, or internal controls.
• Strong understanding of ITGCs, SOX compliance, COSO, COBIT, and information security frameworks (e.g., NIST, ISO 27001).
• Experience auditing cloud environments (e.g., AWS, Azure), SaaS platforms, and modern system architectures.
• Knowledge of access controls, identity and access management (IAM), change management processes, and SDLC controls.
• Understanding of data governance, data integrity, and system interface controls.
• Strong analytical and problem-solving skills with the ability to evaluate complex IT environments.
• Strong written and verbal communication skills, with the ability to translate technical risks into business impact.
• Detail-oriented with strong documentation and organizational skills.
• Ability to build effective partnerships across IT, Security, Finance, Compliance, and Operations.

Nice To Haves

• Professional certifications preferred: CISA, CISSP, CIA, or CPA.
• Prior public accounting (Big 4) or IT advisory experience preferred.
• Experience with audit analytics and tools (e.g., SQL, Python, PowerBI, Snowflake) preferred.
• Occasional travel required (generally a few days per quarter)

Responsibilities

• Leads and performs IT risk assessments, control testing, and remediation activities for SOX ITGCs, automated controls, and system-integrated business processes.
• Evaluates the design and effectiveness of controls over access management, change management, system operations, and data integrity across key platforms and applications.
• Supports SOC 1 / SOC 2 reviews, third-party risk assessments, and complementary user entity control (CUEC) evaluations.
• Prepares and maintains detailed audit workpapers, system documentation, and testing evidence to support audit conclusions.
• Partners with IT and business teams to identify control gaps, recommend practical remediation strategies, and monitor timely resolution of deficiencies.
• Supports system implementations, upgrades, and transformations (e.g., ERP, policy admin, data platforms) by advising on control design and risk mitigation.
• Leverages data analytics and audit tools to enhance testing efficiency, coverage, and insight generation.
• Communicates IT control issues, cybersecurity risks, and recommendations clearly to management and stakeholders at all levels.