Senior IT Risk & Assurance Analyst

About The Position

Requirements

• Bachelor's degree in Information Systems, Accounting, Computer Science, or related discipline; equivalent professional experience may be substituted in lieu of a degree
• 3–6 years of experience in IT audit, IT risk, or IT compliance, such as advisory services at a CPA or consulting firm, IT internal audit at a financial institution, or GRC at a technology company
• Hands-on experience managing or significantly contributing to SOC 1/SOC 2 audit engagements, including evidence collection and walkthrough coordination
• Working knowledge of IT general controls and their application to SOC trust services criteria and/or FFIEC IT Handbook examination standards
• Demonstrated experience performing IT internal control testing and evaluating control effectiveness
• Experience maintaining risk finding registers and managing risk remediation lifecycles
• Familiarity with IT risk assessment frameworks such as FFIEC CAT, NIST CSF, or CIS Controls
• Strong written and verbal communication skills with the ability to interact effectively with external auditors, internal control owners, and management
• Strong organizational skills and the ability to independently manage multiple audit and assurance workstreams in a remote-first environment
• Must be available for quarterly on-site team engagements in Raleigh, NC and periodic on-site visits during external audit fieldwork

Nice To Haves

• CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control)
• Experience in the financial services, banking, or fintech industry
• Experience with FFIEC regulatory examinations or bank/credit union technology audit programs
• Experience with SaaS/cloud environments (AWS, Azure) and understanding of shared responsibility models
• Experience coordinating with outsourced or co-sourced internal audit functions

Responsibilities

• Serve as a primary point of contact for external audit firms conducting enterprise SOC 1 and SOC 2 audit engagements, managing the engagement lifecycle from annual renewal and kickoff through final report issuance
• Manage ad-hoc SOC 1 and SOC 2 audit engagements for newly acquired products not yet in scope of the enterprise SOC reports
• Coordinate document requests, evidence collection timelines, and walkthrough scheduling with internal control owners across the organization
• Evaluate audit artifacts for completeness and accuracy before submission to external auditors
• Communicate preliminary audit findings to management and assist in drafting management responses
• Serve as the primary liaison with the external IT internal audit firm, managing document requests, walkthrough scheduling, and audit status reporting for audits aligned with FFIEC IT Handbook standards
• Perform walkthroughs with product teams and internal control owners to assess the IT internal control environment and recommend IT internal controls based on SOC and IT internal audit requirements
• Proactively identify control gaps and recommend remediation strategies to control owners
• Own the full lifecycle of the IT risk finding register, from opening findings through remediation closure, including escalation of overdue findings to management
• Document and process risk acceptance based on control owner feedback
• Perform ongoing monitoring of specific IT internal controls to ensure SOC and IT internal audit readiness throughout the year
• Perform periodic IT internal control testing to validate control design and operating effectiveness
• Conduct periodic risk finding reviews to verify findings were closed appropriately with supporting remediation evidence
• Lead annual updates to IT risk assessments, including the FFIEC Cybersecurity Assessment Tool (CAT), NIST CSF control mappings, and CIS Controls risk assessments
• Lead the annual business impact analysis update, evaluating likelihood and impact of potential disruptions to the technology environment
• Coordinate the annual policy update cycle with policy owners, including documenting changes, presenting to the IT Steering Committee, and coordinating management and Board approval
• Perform additional IT risk and assurance duties as assigned to support the team's evolving needs

Benefits

• Market competitive total rewards package
• Competitive salary along with full health benefits with an HSA option
• Flexible PTO and bank holidays
• 401(k) plan and company match