Compliance Risk Analyst - Mid-Level

Compliance Risk Analyst
Framingham, MA 01701
8+ Months

100% Remote
Contract and contract to perm talent

What you'll do:
We are looking for an experienced IT Risk & Compliance Analyst to support our team in the IT Compliance Program Office and to be strong contributor to our Sarbanes-Oxley (SOX) IT Program. Client IT is evolving from a compliance-driven organization to one that proactively works in a risk-focused manner.

In this role your core responsibilities will be to:

• Work effectively with management stakeholders within IT and across the business to provide expert-level audit support and guidance.
• Serve as a subject matter expert on the SOX team, providing and implementing best practice and quality insights.
• Work with others to help identify, assess, remediate, and monitor SOX control operation.
• Design new controls and develop effective processes in collaboration with audit stakeholders.
• Work with product teams to ensure SOX controls are in place ahead of system implementations; design and implement solutions where controls are not ready.
• Deliver support to IT teams on remediation of audit findings and development of remediation plans.
• Develop relevant metrics and reports around control test results, audit findings, process improvements and status of evidence requests.
• Collaborate with audit stakeholders to develop continued program process improvements.

What you'll need:
Our team is looking for people who put our internal customers first, are passionate about delivering value without compromising associate experiences, not afraid to try new things in order to seek improvements and 100% outcome focused. Our teams span multiple time zones and cultures, so inclusivity is a must, working within and developing a team with varied strengths through inclusive behaviors is encouraged.

Critical skills:

• Bachelor's degree OR equivalent experience required; major in Business, Computer Science, Information Systems or related field.

• 5-10 years of experience in IT Risk & Compliance Management which includes:

• IT Audit & Assessments
• Aptitude for modern IT Risk & Compliance concepts and methodologies.
• Solid understanding of IT policies, laws, standards and frameworks applicable to the specific technical role e.g. COSO, ISO27001, ISO31000, and NIST

• Outstanding influencing & communication skills

• IT audit and assessment experience; SOX specifically

Preferred:

• At minimum, one Certification:

• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Or other certifications preferred

• Familiarity with GRC technology platforms (e.g., ServiceNow, Archer, etc.)

• Client uses ServiceNow which would be a preference over other tools

#TB_EN