It Compliance Analyst

Under the direction of the Chief Information Security Officer (CISO), the IT Compliance Analyst is responsible for supporting IT internal controls and ensuring compliance across all divisions and multiple technology platforms. This role is crucial in maintaining the integrity and security of the organizations IT systems.

The ideal candidate will be highly driven, with a proven track record of supporting various projects and strategic initiatives across a business. Their experience will enable them to effectively contribute to the implementation and monitoring of compliance processes, ensuring that the organization adheres to industry standards and regulatory requirements.

Duties and Responsibilities

• Manage annual IT testing for internal and external audits, risk assessments, and regulatory, legal, and policy compliance
• Lead preparation for annual IT testing activities
• Conduct IT Compliance training sessions to prepare for IT assessments
• Collaborate with leadership on compliance-related concerns and present findings and suggestions to them
• Ensure prompt turnarounds by supporting internal and external audit requests
• Inform others about IT issues and shortcomings to ensure that remedial action plans are in place
• Make suggestions for repeatable, quantifiable, and long-lasting remediation programs, and follow up on action plans until they are completed
• Develop IT documentation for IT internal controls in consultation with IT, including IT process narratives, process flows, and documented control actions
• Establish and sustain governance tools for risk and compliance to support IT compliance activities
• Ensure compliance with the IT frameworks by helping IT control owners implement and validate controls for the processes of access management, release management, change management, and vendor management
• Work with control owners to ensure controls are actively managed and monitored throughout the year
• Collaborate with IT on how to efficiently adhere to IT standards and proactively reduce risks
• Cooperate with business partners to help IT satisfy new and existing regulatory obligations across all divisions, including needs from other countries
• Create and maintain productive working relationships with key business, internal audit, and compliance officials as well as IT staff from each division

Education

• Bachelors degree in business, computer information systems, management information systems, computer science, or a related field

Required Skills and Experience

• 5+ years of IT experience
• 4+ years of experience in IT audit, compliance, or risk management
• Experience working in a large, integrated international corporation
• Expertise in frameworks or legal standards such as COBIT, NIST 800-53, HIPAA, PCI, or GDPR
• Knowledgeable about detecting hazards for automated controls
• Experience developing, implementing, and administering vendor/supplier security assessments
• Proficient in using SAP GRC, including obtaining audit data from SAP and creating reports to satisfy audit requirements
• Experience managing projects in a complex, decentralized IT organization
• Experience working with ERP systems such JD Edwards and SAP ECC systems to detect problems, generate problems and reports, and fix problems
• Working knowledge of databases, application development, or support
• Comprehensive understanding of evaluating third-party SSAE 16 (SOC 1) reports and contracts to ensure that the third-party vendors and partners have effective internal control programs and identify any risks they might present
• Ability to collaborate well in a dynamic, fast-paced setting
• Ability to balance a variety of resources, due dates, and requirements while working on various tasks
• Strong written and verbal communication skills, including the capacity to speak with business partners in an effective manner regarding IT risks