IT Audit & GRC Operations Lead (SAI360 Focus)

Title- IT Audit & GRC Operations Lead (SAI360 Focus)
Location- Chandler, AZ Onsite

Need Local Candidates Only

Role Overview

The combined role of GRC Tools Specialist and Risk & Vulnerability Analyst will be instrumental in supporting the organization s IT compliance strategy for Infrastructure and Operations by leveraging Governance, Risk, and Compliance (GRC) platforms primarily SAI360 and project management tools such as Workfront. This position is responsible for evidence gathering, issue management, management action plans (MAPs), audit finding and evidence review, and the creation of infrastructure system documentation. The analyst will prioritize and manage both audit and non-audit issues within Infrastructure and Operations teams, coordinating closely with ERM and 1RCO teams to ensure gaps and requirements are addressed for successful issue and MAP closure. The ideal candidate will demonstrate technical competence, initiative, creativity, and teamwork while collaborating with distributed team members and stakeholders.

Key Responsibilities

• Utilize SAI360 GRC platform and project management tools like Workfront to manage compliance activities, including evidence collection, issue tracking, MAPs, and reporting.
• Coordinate and oversee the gathering of audit evidence from infrastructure systems and maintain organized documentation of findings, while setting clear requirements for evidence needed.
• Manage issues and remediation tasks within the GRC platform, ensuring timely resolution, accurate status tracking, and driving meetings with Infrastructure and Operations teams for weekly updates and priorities.
• Review audit findings and associate evidence for completeness, accuracy, and alignment with regulatory requirements; update and review Workfront dashboards with weekly updates on open issues and MAPs.
• Apply knowledge of COBIT, NIST, CIS, SOX, and COSO frameworks to ensure controls are properly designed, implemented, and documented, including controls testing and documentation.
• Coordinate with 1RCO and ERM teams to understand gaps and requirements, and automate monthly reporting for Issues, MAPs, and IT exceptions for Infrastructure and Operations teams.
• Leverage ServiceNow for incident and change management and collaborate with multiple teams on risk exceptions procedures.
• Create and maintain clear, concise documentation for infrastructure systems, including user manuals, policy, and procedure information to support compliance, audit, and operational needs.
• Mentor team members, establish practices for quality and consistency, and contribute to the team s capabilities by sharing knowledge and fostering collaboration.
• Report weekly to management on project status, deployment results, and operations, as well as work with stakeholders to achieve business goals and support requirements with appropriate technology solutions.

What you will need:

• Bachelor's Degree
• 7+ years of experience in technology audit, compliance, or governance & risk management, preferably in the financial services industry
• 3+ years of experience with cloud environments
• 5+ years in an agile or scrum environment
• Experience with regulatory requirements and control frameworks (e.g., SOX, COSO, NIST, COBIT, CIS)
• Demonstrated ability to manage multiple projects simultaneously, prioritize tasks, and meet deadlines in a fast-paced environment
• Expertise in controls testing, controls documentation, and building out reporting
• Audit experience and evidence gathering, including setting requirements for what evidence to collect
• Technical competence, strong analytical and consulting skills, and experience in strategic planning and risk management practices
• Excellent verbal and written communication skills, with the ability to communicate complex issues to technical and non-technical audiences and senior management
• Proven ability to build strong, cohesive partnerships with business, operations, and technology leadership and work effectively in a matrix organization
• Team player with a can do attitude, proven leadership, communication, organizational, and interpersonal skills
• Self-motivated, detail-oriented, able to integrate and apply feedback professionally
• Ability to support business requirements, deliver innovation, and drive improved customer and employee experience