IT Governance Risk & Compliance Analyst

Job Title: IT Governance Risk & Compliance Analyst

Duration: 6 months Contract to Hire

Location: Coppell, TX

Hybrid: Tuesday/Wed/Thursday-3 days

This role is a mix of Security Analyst and Auditor. The individual is responsible for Security related tasks including the day-to-day administration of the different information security controls and reviews, creation of new processes and facilitating ongoing audits.

Support IT compliance program: Assist in developing, implementing, and executing the Company s IT compliance program.

• Identify SOX/SOC/Regulatory issues: Determine the proper root cause and provide guidance on potential remediation actions.
• Identify and address audit concerns: Recognize existing or potential issues and conduct further research, as necessary.
• Examples include: Segregation of Duties (SoD) concerns, improvements to processes, and evidence of approval.
• Collaborate with cross-functional teams: Interface with various departments, consultants, and vendors to participate in SOX/SOC audits and recommendations meetings.
• Liaison with auditors: Facilitate communication with external and internal auditors, acting as a liaison between auditors and theT department.
• Align policies and procedures: Provide input to align IT and Security policies, standards, and procedures with compliance requirements.
• Support compliance with laws and regulations: Assist process owners, control owners, control performers, and compliance coordinators in ensuring controls are well-defined and compliant with applicable laws and regulations.
• Continuous monitoring: Experience in building control testing and evidence collection to efficiently collect and analyze the effectiveness of controls.
• Evaluate security and controls: Assess the security and controls of various on-premises and cloud-based technologies.
• Create documentation as needed and ensure it reflects a high level of quality.
• Additional duties as required by management

Knowledge, Skills, and Abilities

Knowledge of IT controls and governance frameworks: Demonstrate a fundamental understanding of general computer control areas, IT governance frameworks, and Sarbanes-Oxley

• Experience with internal controls design and implementation: Possess fundamental experience in designing and implementing

a system of internal controls, preferably within a large-scale management-led SOX organization.

Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience

• Holds or is working toward one or more of the following: CISSP, CISA, CRISC, CGEIT, or GRCP
• At least 3 years' experience in cybersecurity or audit and exposure with various security frameworks.

Experience and understanding of various regulatory requirements and laws, including but not limited to: SOX, FFIEC and GLBA. Additional experience in one or more of the following: ISO 2700X, ITIL, or NIST