IT Governance Risk & Compliance Analyst (Security Analyst and Auditor)

Overview

Hybrid
Depends on Experience
Contract - Independent
Contract - W2
Contract - 6 Month(s)

Skills

Identify SOX/SOC/Regulatory issues
Segregation of Duties (SoD) concerns
SOX/SOC audits

Job Details

This role is a mix of Security Analyst and Auditor. The individual is responsible for security-related tasks, including the day-to-day administration of the different information security controls and reviews, the creation of new processes, and the facilitation of ongoing audits.

Support IT compliance program: Assist in developing, implementing, and executing the Company's IT compliance program.

  • Identify SOX/SOC/Regulatory issues: Determine the proper root cause and provide guidance on potential remediation actions.
  • Identify and address audit concerns: Recognize existing or potential issues and conduct further research, as necessary.
  • Examples include: Segregation of Duties (SoD) concerns, improvements to processes, and evidence of approval.
  • Collaborate with cross-functional teams: Interface with various departments, consultants, and vendors to participate in SOX/SOC audits and recommendations meetings.
  • Liaison with auditors: Facilitate communication with external and internal auditors, acting as a liaison between auditors and the IT department.
  • Align policies and procedures: Provide input to align IT and Security policies, standards, and procedures with compliance requirements.
  • Support compliance with laws and regulations: Assist process owners, control owners, control performers, and compliance coordinators in ensuring controls are well-defined and compliant with applicable laws and regulations.
  • Continuous monitoring: Experience in building control testing and evidence collection to efficiently collect and analyze the effectiveness of controls.
  • Evaluate security and controls: Assess the security and controls of various on-premises and cloud-based technologies.
  • Create documentation as needed and ensure it reflects a high level of quality.
  • Additional duties as required by management

Knowledge, Skills, and Abilities

Knowledge of IT controls and governance frameworks: Demonstrate a fundamental understanding of general computer control areas, IT governance frameworks, and Sarbanes-Oxley

  • Experience with internal controls design and implementation: Possess fundamental experience in designing and implementing a system of internal controls, preferably within a large-scale management-led SOX organization.

Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience

  • Holds or is working toward one or more of the following: CISSP, CISA, CRISC, CGEIT, or GRCP
  • At least 3+ years' experience in cybersecurity or audit and exposure to various security frameworks.

Experience and understanding of various regulatory requirements and laws, including but not limited to: SOX, FFIEC and GLBA. Additional experience in one or more of the following: ISO 2700X, ITIL, or NIST.
