GRC Audit and Compliance Analyst
GRC Audit and Compliance Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job Description
The Audit and Compliance Analyst is responsible for ensuring IT and business operations adhere to internal controls regulatory standards and corporate policies. This role supports SOX compliance access reviews audit coordination and privileged account monitoring across SAP and other enterprise systems.
Key Responsibilities
SOX Controls Monitoring (Production deployment checks)
- Conduct monthly and emergency SOX checks to validate:
- UAT completion and approval prior to production deployment
- Final IT approvals for code migration
- Valid change requests and proper documentation
- Business and IT approval workflows
- Review support messages for emergency changes and validate UAT results
Firefighter ID (FFID) Usage Oversight
- Monitor and review Firefighter account activity across SAP systems
- Update weekly scorecards and audit repositories
- Send re-confirmation emails to business owners
- Track exception approvals and ensure compliance documentation
- Conduct Firefighter uPerform training sessions
Audit Coordination
- Respond to adhoc audit requests including:
- IT SOX financial compliance integrated audits statutory audits
- Support internal and external audit teams with required documentation
Access and Account Management
- Monitor default generic and shared accounts for compliance
- Review privileged access and critical transactions in SAP
- Validate batch job and interface processes
- Conduct annual user access reviews and remediate findings
- Ensure timely removal of terminated users and inactive accounts
- Perform SoD checks and validate dialog account validity dates
Admin and Developer Access Control
- Restrict super user access for system and security administrators
- Monitor developer access to ensure no production deployment rights
- Track code changes in test/QA environments
Reporting and Documentation
- Generate SM20 reports for FFID usage on sensitive transactions
- Monitor system configuration changes and login attempts
- Maintain audit repositories and compliance logs
Operational Oversight
- Submit weekly status reports and time tracking
- Validate and update approver lists for access and change requests
- Ensure compliance with corporate password management policies
- Restrict access to critical application/data files and utilities
Required Qualifications
- Bachelors degree in information systems or related field
- 2 years of experience in IT audit compliance or risk management
- Strong understanding of SOX SAP security and access controls
- Familiarity with Firefighter ID management and SM20 reporting
- Experience with GRC ARM GRC SoD analysis and batch job monitoring
- Excellent documentation and communication skills
- Ability to manage multiple audits and compliance tasks simultaneously
Required Experience:
IC
Employment Type
Full-Time
