Senior IT Governance Analyst

About The Position

Requirements

• Minimum of 5 years of experience in business process analysis
• Strong knowledge of regulatory requirements and industry standards (e.g., ISO 27001, GDPR, SOX)
• Excellent analytical, problem-solving, and decision-making skills
• Strong communication and interpersonal skills
• Demonstrate strong writing skills
• Experience working in a team-oriented, collaborative environment while using analytical and problem-solving skills

Nice To Haves

• Bachelor’s degree in Business Administration, Risk Management, Information Security, or a related field
• Professional certifications such as CISSP, CISM, CRISC, or similar are preferred

Responsibilities

• Develop risk, compliance, and assurance monitoring and measurement strategies
• Oversee and conduct technology program and project audits and communicate status and risk to business stakeholders
• Determine the operational and business risk impacts of cybersecurity lapses
• Determine if procurement activities sufficiently address supply chain risks and recommend improvements to address cybersecurity requirements
• Conduct comprehensive IT audits focused on Sarbanes-Oxley (SOX), IT General Controls (ITGC), and other frameworks
• Develop and implement independent cybersecurity audit processes for application software, networks, and systems
• Coordinate and track remediation of all gaps identified as part of the Due Diligence (DD) process
• Work with internal IT Teams and third-party vendors to track key findings from risk assessments, from discovery to remediation
• Assist in maintaining a secure enterprise environment across the AAON technical landscape; leverage specific or broad in-depth technical skillsets to achieve this outcome
• Communicate clearly, diplomatically and effectively at all levels of the organization and to audiences with varying degrees of process and technical knowledge
• Execute tasks in a high-pressure environment and multi-task
• Ensure alignment with organizational goals and regulatory requirements
• Facilitate the development and implementation of corporate governance strategies
• Identify, assess, and prioritize risks across the organization
• Develop risk mitigation strategies and action plans
• Monitor and report on risk management activities and outcomes
• Ensure compliance with relevant laws, regulations, and industry standards
• Conduct regular compliance audits and assessments
• Develop and deliver compliance training programs for employees
• Collaborate with IT and security teams to ensure data protection and cybersecurity measures are in place
• Monitor and respond to security incidents and breaches
• Maintain and update information security policies and procedures
• Other duties as assigned