Principal IT Assurance Analyst
Location: Remote (U.S. Based)
Contract Duration: 6 Months
Start Date: July 2026
Employment Type: Contract
Job Summary
We are seeking a Principal IT Assurance Analyst to lead the assessment, development, and governance of technology policies and standards across the organization. This role will be responsible for evaluating the current policy landscape, establishing a standardized policy lifecycle framework, and ensuring alignment with regulatory, security, audit, and operational requirements.
The ideal candidate will bring deep expertise in IT governance, risk, compliance, and policy management, along with the ability to collaborate effectively across technical and business teams to drive governance maturity and audit readiness.
Key Responsibilities
Policy & Standards Development
Conduct a comprehensive inventory and assessment of existing IT policies and standards.
Identify gaps, redundancies, inconsistencies, and areas requiring updates.
Draft, review, and update policies and standards to align with regulatory, contractual, and operational requirements.
Translate high-level policy objectives into actionable standards and control requirements.
Governance & Lifecycle Management
Design and document a standardized policy lifecycle process, including creation, review, approval, publication, and maintenance.
Establish governance structures, ownership models, and accountability frameworks.
Develop policy templates, naming conventions, version control processes, and documentation standards.
Ensure policy governance supports audit traceability and compliance objectives.
Stakeholder Collaboration
Partner with technology, compliance, privacy, security, legal, and audit teams to validate requirements and ownership.
Facilitate workshops and working sessions to drive consensus and policy alignment.
Serve as a liaison between policy owners and control owners to ensure clear accountability and governance.
Policy Communication & Adoption
Support the creation of policy awareness and communication materials.
Ensure policies and standards are centralized, accessible, and easy to understand.
Promote adoption and understanding of governance expectations across the organization.
Expected Deliverables
Comprehensive inventory of existing technology policies and standards.
Gap analysis with remediation recommendations.
Standardized governance framework and policy lifecycle process.
Policy templates and documentation standards.
Prioritized roadmap for policy updates and new policy development.
Top Required Skills (Ranked)
Experience working with regulatory and control frameworks such as NIST, ISO 27001, SOC 2, SOX, and related standards.
Strong experience in policy management, governance, and standards development.
Broad technology governance experience beyond security, including areas such as change management, program management, operational controls, and technology processes.
Additional Required Qualifications
7+ years of experience in IT governance, risk management, compliance, audit, or policy management.
Strong policy writing and technical documentation skills.
Deep understanding of IT governance and control frameworks.
Ability to translate regulatory requirements into clear, business-friendly standards and controls.
Strong stakeholder management, facilitation, and communication skills.
Excellent analytical, organizational, and problem-solving abilities.
Ability to manage multiple initiatives simultaneously while maintaining attention to detail.
Experience conducting assessments, identifying control gaps, and recommending remediation strategies.
Preferred Qualifications
Experience supporting audit readiness and compliance initiatives.
Experience developing enterprise governance frameworks and operating models.
Familiarity with risk management and control assessment methodologies.
Education
Bachelor's degree in Information Technology, Cybersecurity, Risk Management, Business, or a related field.
Preferred Certifications
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Equivalent governance, risk, or compliance certifications
What Makes This Role Unique
This is a highly visible role focused on building foundational governance processes that will shape how technology policies and standards are managed across the organization. The position offers a blend of strategic planning and hands-on execution while partnering with senior stakeholders across technology, compliance, privacy, security, and audit functions.
Not eligible for Corp2Corp
Candidates must be legally authorized to work in the US without sponsorship.
CLIENT does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.