Senior IT Controls and Compliance Analyst

Role: Senior IT Controls and Compliance Analyst

Experience: Minimum 5 years relevant work experience in Information Security, IT Risk Management, IT Governance or IT Audit

Locations: Bengaluru

Qualifications: Minimum of 15 years of formal education - Graduate / Post Graduate in Computer Science / Information Technology.

Skills:
  • Assist in the creation of an IT risk assessment, and develop self-assessment programs to evaluate areas of risk or concern based on regulatory, customer, internal and best practice requirements across the enterprise
  • Perform analysis of audit control gaps over processes and tools, analyze evidence, and provide recommendations to remediate findings and improve the control environment; experience in control testing
  • Advise management on the design and implementation of control activities that reduce risk, add value, and mature the control environment
  • Assist in the development, maintenance and implementation of ITCC tools and processes to streamline and automate compliance and control activities
  • Support the enterprise Information Security and IT compliance awareness, communication, and education programs
  • Develop and maintain an ongoing relationship with control owners and key stakeholders including Information Security, IT, business lines, Internal Audit, and external third parties
  • Assist with the maintenance and update of ITCC program documents
  • Maintain an understanding of Company and IT objectives and risks
  • Assist with other Information Security and ITCC initiatives as needed
  • Perform ongoing education and training in Information Security related areas
  • Provide subject matter expertise related to IT General Controls and Information Security policies and standards
  • Maintain data within the system of record that tracks issues, engagements and metrics that get communicated throughout the organization
  • Required to perform duties outside of normal work hours based on business needs
  • Gain support and consensus with multiple stakeholders and partners (internal and external)
  • Manage multiple initiatives simultaneously, with strong ability to prioritize
  • Respond appropriately to potential audit findings including vetting and assessment of risk
  • Customer focused in the context of balancing risk reduction with business needs
  • High attention to detail to manage, analyze and finalize artifacts and documents
  • Highly developed oral and written communication skills; strong presentation skills
  • Highly flexible, adapting to changes in priorities and requirements
  • Development and maintenance of program-related documentation (e.g., standard operating procedures)
  • Participates in brainstorming discussions and can act in an advisory capacity
  • Tasks can require originality and ingenuity to evaluate risks and determine appropriate and cost-effective controls to mitigate risk
  • Tasks range in complexity from simple (perform an audit step) to fairly complex (perform a risk assessment and create an audit program to address risks)
  • Effectively communicate IT compliance expectations to all levels of the organization, including operational personnel and executive management
  • Ability to quickly learn, communicate and apply technical concepts
  • Experience with risk management frameworks such as NIST RMF, COSO, and ISO 27001
  • Lead governance meetings including defining agendas, documenting meeting minutes and performing formal archival of key artifacts that result in a proper audit trail
  • Experience with various GRC business systems such as ServiceNow, Archer, MetricStream etc.
  • Work with a service management team on developing and configuring ServiceNow applications and solutions to implement system stakeholder requirements