IT Audit & Compliance Analyst

We are seeking a detail-oriented and proactive IT Audit & Compliance Analyst with over 3 years of experience in IT audit, compliance, and risk assessment. The ideal candidate will have hands-on expertise in IT General Controls (ITGC), IT Application Controls (ITACs) in Business Controls and SOC 2 audit compliance. This role involves assessing control design and operating effectiveness, identifying risks, and supporting internal and external audits to ensure compliance with regulatory and organizational standards.

Key Responsibilities:

·      Conduct comprehensive audits of ERP systems (SAP, Dynamics, Oracle NetSuite, etc) and other applications to evaluate the adequacy and effectiveness of internal controls, compliance with regulations, and adherence to best practices.

·      Perform ITGC and ITAC assessments, including Access Management, Change Management, Backup & Recovery, and Audit Trail.

·      Conduct SOC 2 Type I and Type II readiness assessments and audits.

·      Assist in scoping, planning, and executing IT compliance audits and reviews.

·      Collaborate with cross-functional teams to perform control walkthroughs and test design and operating effectiveness of controls.

·      Identify control gaps, assess risks, and recommend remediation actions.

·      Coordinate with internal stakeholders and external auditors for evidence collection, control clarifications, and audit support.

·      Prepare and maintain audit documentation, including Risk and Control Matrices (RCMs), testing results, and management reports.

·      Ensure compliance with frameworks such as SOC 2, SOX, ISO 27001, COBIT, and COSO.

·      Perform IT risk assessments and support process improvement initiatives to strengthen internal controls.

Primary Skills:

·      Strong knowledge of ITGC and ITAC testing methodologies.

·      Hands-on experience with SOC 2 (Type I & II) audits and compliance activities.

·      Proficiency in auditing across various ERP environments, including SAP, Microsoft Dynamics, QAD, and NetSuite. Etc.

·      Solid understanding of Trust Services Criteria, risk and control frameworks, and audit lifecycle management.

·      Strong knowledge of Access Controls, Change Management, IT Operations, and Network Security.

·      Skilled in audit documentation, evidence management, and reporting.

·      Excellent communication, analytical, and problem-solving skills with the ability to work collaboratively across teams.

Educational Qualifications:

·      Bachelor's degree in Information Technology, Computer Science, Accounting, Finance, or a related field. Advanced degree or relevant certifications (e.g., CISA, CISSP, CISM) preferred.

·      Preferred Certifications: CISA, ISO 27001 Lead Auditor, or equivalent (not mandatory but advantageous).

·      Knowledge of auditing standards, frameworks (e.g., COBIT, ISO 27001), and regulatory requirements (e.g., SOX, GDPR)