Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability—and is recognized that way. We’ve been defined as a “mature start-up.” A place where interdepartmental exposure, open doors, and genuine collaboration is ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are.

We’re engineering for the future of retail, and it’s no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip smart colleagues who will press you daily for your very best, you’ll find that virtually nothing’s impossible at Ulta Beauty.

THE IMPACT YOU CAN HAVE: 

The IT Risk Management Sr. Analyst has responsibilities related to Sarbanes Oxley (SOX) Compliance Program. The IT Risk Management Sr. Analyst is responsible for supporting the successful delivery of our SOX Program and for ensuring compliance with SOX controls as they pertain to the information technology components of the company. They work closely with key stakeholders and maintain high quality standards while operating in a highly dynamic and fast paced environment. The individual will work with project teams to ensure ITGC controls are embedded and designed effectively as part of the project deliverables.

YOU'LL ACCOMPLISH THESE GOALS BY: 

• Business Process Improvement: Analyzes business processes; evaluates alternative solutions, assesses feasibility, and recommends new approaches, typically seeking to exploit technology components. Evaluates the financial, cultural, technological, organizational, and environmental factors which must be addressed in the change program. Develops business requirements for the implementation of significant changes in organizational mission, business functions and process, organizational roles and responsibilities, and scope or nature of service delivery.
• IT Governance – Understands relevant standards and the principles embedded within them. Evaluates new business proposals and provides specialist advice on compliance issues.
• Data Analysis: Reviews and investigates corporate data requirements, and undertakes data analysis, data modelling and quality assurance techniques, to establish, modify or maintain data structures and their associated components.
• Information Management: Ensures that the business processes and information required to support the organization are defined and devises appropriate standards, processes, and data architectures. Evaluates the impact of any relevant statutory, internal, or external regulations on the organization's use of information and develops strategies for compliance.
• Problem Management: Ensures that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Ensures that such problems are fully documented within the relevant reporting system(s). Leads the development of problem solutions. Coordinates the implementation of agreed remedies and preventative measures. Evaluates patterns and trends.
• Relationship Management: Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining, and working to stakeholder engagement strategies and plans. Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to. Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Contributes to the development and enhancement of customer and stakeholder relationships.

 ADDITIONAL RESPONSIBILITIES:

• Foster a high-performance, risk-managed, compliant culture within IT by evangelizing the importance of risk managed solutions and supporting disincentives for non-compliance
• Perform day-to-day aspects including scoping, identifying, and implementing key SOX controls, conducting quarterly and annual review exercises, documenting evidence and partnering with auditors, IT, and business owners to complete the assessments.

• Develop Control Library following industry standards and implement periodic self-assessment procedures to monitor that the controls documented are working as per the design.
• Assist in identifying and validating key controls to address IT and business risks and work with various teams to address identified deficiencies
• Assist with the education and training of process / control owners so they better understand technology control frameworks and their responsibilities
• Assist in the design of security controls, policies, and procedures
• Provide meaningful compliance metrics to the leadership team.
• Build security framework by following industry best practices (e.g., NIST), and ensure periodic risk assessments are being performed, with adequate evidence to support the risk assessment measurements.

ESSENTIALS FOR SUCCESS: 

• Bachelor’s degree in a technical discipline, a related field, or applicable work experience
• 3 years of experience in one or more risk management areas
• 3 years of experience in an information security compliance, audit, or risk management role
• Understanding of SOX requirements and IT General Controls
• Demonstrated experience implementing and assessing SOX related standards, guidelines, and other regulatory mandates
• Experience developing and implementing automation for controls and compliance is preferred
• Experience auditing SAP systems, Infrastructure components & Cloud technologies preferred
• CISA, CISM, CISSP or other officially recognized certification would be desirable
• Strong experience in Information Risk Management best practices
• Experience interacting with business users to support SOX processes.
• Strong analysis/troubleshooting skills
• Excellent communication skills; feels comfortable working with non-technical business partners
• Flexibility of providing support during odd hours, weekends, and peak seasons
• Minimal travel required (training/conferences)

At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest North American beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. We bring possibilities to life through the power of beauty each and every day in our stores and online with more than 25,000 products from approximately 500 well-established and emerging beauty brands across all categories and price points, including Ulta Beauty’s own private label. Ulta Beauty also offers a full-service salon in every store featuring—hair, skin, brow, and make-up services.

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.