Security Analyst

Job Description:

Job Title: Security Analyst

Location: Seattle, WA - Hybrid

Employment Type: Contract

Duration: 6+ months of contract

About VLink: Started in 2006 and headquartered in Connecticut, VLink is one of the fastest growing digital technology services and consulting companies. Since its inception, our innovative team members have been solving the most complex business, and IT challenges of our global clients.

Job Details:

• We are an innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we're in. As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.

About this team:

• The Cybersecurity team enables the company to conduct its global operations in a secure manner and safeguard the trusted information of its guests and users. This is accomplished by understanding business risk as manifested through cybersecurity and compliance risk, and by maintaining a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for a SOX Technical Program Manager, with demonstrated expertise with SOX 404, specifically with respect to IT General Controls.

A Day in the Life:

• As the SOX Technical Program Manager, you will play a critical role in embedding SOX compliance and establishment of IT General Controls into our technology project lifecycle. You will partner closely with the Cybersecurity GRC team, Technology stakeholders, and business leaders to ensure that new systems, enhancements, and integrations are designed and implemented with strong internal controls that meet SOX requirements.
• You will lead the design, implementation, and monitoring of SOX IT general controls across the SDLC, ensuring that access and privileged account management, change management, and system configuration processes are compliant from project initiation through deployment. Your work will directly support the integrity of financial reporting and the effectiveness of our internal control environment.

Key Responsibilities:

• Lead the implementation of SOX IT controls across new technology projects and system development initiatives.
• Collaborate with project teams to embed control requirements into project plans, technical designs, and implementation roadmaps.
• Document SOX control design narratives and operating effectiveness testing for in-scope systems and tools.
• Serve as the subject matter expert (SME) for SOX compliance within the SDLC, providing guidance on control design, risk mitigation, and audit readiness.
• Coordinate walkthroughs, evidence collection, and control testing with internal and external auditors.
• Partner with Global Architecture, Engineering, and Product teams to assess the SOX impact of new technologies and system changes.
• Monitor and track remediation of control deficiencies, ensuring timely resolution and sustainable fixes.
• Support quarterly SOX certifications and management attestations related to new systems and changes.
• Maintain centralized documentation and evidence repositories to support audit and compliance activities.
• Provide regular reporting and metrics on SOX SDLC program health, control coverage, and remediation status.
• Educate and train project teams and control owners on SOX requirements and best practices.

Qualifications:

• 5+ years of experience in IT Audit, Security GRC, or SOX compliance, with a strong focus on SDLC, access management, and change management controls.
• Big 4 or equivalent IT Audit experience required, with demonstrated expertise in evaluating ITGCs and application controls.
• Deep understanding of SOX Section 404, including risk assessment, control design, and testing methodologies.
• Proven experience defining, documenting, and implementing SOX controls in system development and project environments.
• Strong knowledge of ITdomains: access controls, change management, IT operations, and SDLC.
• Familiarity with retail systems (e.g., Oracle EBS, RMS, OMS, WMS) and their SOX implications.
• Experience with cloud platforms (AWS, Azure), SaaS applications, and their impact on SOX compliance.
• Ability to collaborate with stakeholders and control owners to drive accountability and ownership for technology controls and facilitate an environment of continuous compliance
• Proficiency with GRC tools such as ServiceNow, Jira, or Archer for managing change and compliance workflows.
• Strong communication and stakeholder engagement skills, with the ability to influence cross-functional teams.
• Ability to manage multiple priorities in a fast-paced, global environment.
• Professional certifications such as CISA, CPA, CISSP, or CIA are required.

Must haves:

• Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
• Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
• Communicates with honesty and kindness and creates the space for others to do the same.
• Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
• Fosters connection by putting people first and building trusting relationships.
• Integrates fun and joy as a way of being and working, aka doesn't take themselves too seriously.

Employment Practices:

EEO, ADA, FMLA Compliant

VLink is an equal opportunity employer. At VLink, we are committed to embracing diversity, multiculturalism, and inclusion. VLink does not discriminate on the basis of race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. All aspects of employment including the decision to hire, promote, or discharge, will be decided on the basis of qualifications, merit, performance, and business needs.