IT Compliance Analyst
Mesa, AZ
Long term
Role
The primary responsibility of the IT Compliance Analyst is to ensure the processes and associated controls for the compliance frameworks are designed, managed, and assessed for effectiveness to reduce overall compliance risk across the organization. This includes performing continuous monitoring and driving audit actions to ensure adherence to the in-scope compliance frameworks. As part of their day-to-day, the IT Compliance Analyst will liaise closely with Internal Audit and key stakeholders to ensure full alignment on all IT regulatory compliance issues.
Reports To: IT Compliance Manager
Key Responsibilities
Audit & Compliance
- Establish a comprehensive understanding of the organization's audit and compliance programs (i.e. SOX, PCI, ISO 27001, SOC 2, Cyber Essentials, FedRAMP, etc.).
- Serve as the:
  - primary subject matter expert leading assigned audit program(s).
  - backup support to other audit programs as assigned.
- This includes scoping the audit, scheduling activities, leading calls, coordinating and fulfilling document request lists, leading walkthroughs, and other audit tasks as appropriate.
- Work collaboratively with control owners on audit remediation work.
Policies & Procedures
- Assist control owners in development and refinement of controls (i.e. policy requirements and/or ITGCs) for in-scope systems.
- Work collaboratively with internal and external auditors to ensure controls are consistent with expectations and leading practices.
- Assist control owners to identify any potential issues prior to formal audits.
Documentation & Program Maintenance
- Efficiently manage tasks, prioritize responsibilities, and maintain order in a fast-paced environment.
- Perform and support the continuous monitoring of IT controls.
- Report and present metrics from monitoring and audit activities to senior leadership.
- Support general tasks including but not limited to:
I) process improvement initiatives
II) RFI/RFP/contract responses
III) risk management assessments
IV) vendor risk reviews
V) ticket responses
VI) project work
Education and Experience
- Bachelor's degree in an appropriate field from an accredited university or equivalent experience.
- SOX & PCI working experience and/or certification(s).
- Experience performing audits, leading control walkthroughs, interviewing stakeholders, gathering information, and identifying relevant information for documentation.
- Coachable and willing to learn.
- Ability to take initiative and drive results.
Preferred
- ISO 27001 working experience and/or certification(s).
- Strong organizational and time management abilities with formal project management experience and/or certification(s).
- Ability to work collaboratively with diverse stakeholders.
- Experience working in AuditBoard.
- Proficiency in Microsoft Office (i.e. Excel, XLOOKUP, Power BI report building).
Desired
- SOC 2 & NIST working experience and/or certification(s).
- Experience working in a regulated industry.
- Experience with ERP systems (e.g. Oracle, SAP, NetSuite, Great Plains, etc.).