Senior IT Compliance Analyst

Berkshire Hathaway Specialty Insurance, Boston, MA
$95,000 - $125,000

About The Position

Berkshire Hathaway Specialty Insurance (BHSI) has an exciting opportunity for a new team member to join our Boston-based IT Governance Risk Audit and Compliance (GRAC) team as a Senior IT Compliance Analyst. In this role, the Senior IT Compliance Analyst will take an active role in the execution of our IT audit and compliance framework, while collaborating closely with both internal and external partners. This position offers the chance to make a significant impact, working with external global regulators and collaborating with internal legal and compliance leaders across regions from an enterprise-wide vantage point. If you're passionate about driving meaningful change, growing your career, and helping lead an evolving global IT audit and compliance program, we’re interested in speaking with you.

Requirements

  • 6+ years of experience working in an IT audit/compliance function with (at minimum) a general understanding of several of the IT audit/compliance topics listed below:
  • Active Directory, password standards, user access provisioning/deprovisioning, user access reviews, change management, batch jobs/backups, disaster recovery, service accounts, patch management, risk assessment.
  • Software development and IT operations knowledge to assess the planning and ongoing maintenance of DevSecOps practices and Application security.
  • Solid background knowledge of US domestic IT regulations (e.g., SOX, CCPA, PCI, NY-DFS) is recommended.
  • Familiarity with global regulatory frameworks (e.g., GDPR, CBI, DORA, MAS, APRA, BaFin) is preferred but not required.
  • Ability to work in a team-based environment and communicate effectively and efficiently with others domestically and globally.

Nice To Haves

  • Knowledge of cloud governance, cloud technology and cloud security is a plus.
  • Experience with GRC tools such as Workiva, AuditBoard, ServiceNow, Drata, Vanta, or similar platforms is a plus.
  • AI experience is a plus, including an understanding of AI risks, responsible AI concepts, or emerging AI regulatory requirements.
  • Professional certifications such as CRISC, CISA, CISM, CISSP, or ISO/IEC 27001 Lead Implementer/Lead Auditor (or equivalent) are a plus.

Responsibilities

  • Lead the execution of IT audit/compliance activities and follow up with responsible parties regarding outstanding requests and/or questions.
  • Maintain, organize, and store audit evidence in preparation for upcoming scheduled audits.
  • Conduct audit readiness assessments (i.e., health checks) and assess the effectiveness of current controls and processes in place.
  • Lead in developing, implementing, and executing additional internal IT audit/compliance activities.
  • Coordinate with team members regarding the remediation status of identified audit gaps and ensure compensating controls are implemented.
  • Review third-party service providers/vendors as part of IT due diligence, including assessing the vendor control environment, reviewing SOC reports (i.e., SOC 2 Type 2 reports), validating security certifications, identifying control gaps, and ensuring required remediation or compensating controls are implemented.
  • Analyze and support compliance with global IT regulatory authorities (e.g., GDPR, CBI, DORA, MAS, APRA, BaFin) and coordinate with individuals to ensure controls are in place to meet requirements.
  • Provide support to our offices from both a U.S. and global perspective (e.g., Asia, Middle East, UK, Europe, Australasia) regarding the fulfillment of external audit requests and obligations.
  • Attend/participate in e-learning training sessions to increase background knowledge of the ever-evolving IT regulatory landscape.
  • Support AI risk and governance oversight to ensure responsible and compliant use of AI technologies.

Benefits

  • A competitive package and exciting growth opportunities for career-oriented teammates.
  • A dynamic, action-oriented, and thoughtful environment centered on always doing the right thing for our customers, teammates and our other stakeholders.
  • A purposely non-bureaucratic organization that embraces simplicity over complexity and emphasizes individual excellence in a team framework.
  • Comprehensive Health, Dental and Vision benefits.
  • Disability Insurance (both short-term and long-term).
  • Life Insurance (for you and your family).
  • Accidental Death & Dismemberment Insurance (for you and your family).
  • Flexible Spending Accounts.
  • Health Reimbursement Account.
  • Employee Assistance Program.
  • Retirement Savings 401(k) Plan with Company Match.
  • Generous holiday and Paid Time Off.
  • Tuition Reimbursement.
  • Paid Parental Leave.