Technology Risk & Controls Testing Analyst

Responsibilities

Kforce has a client that is seeking a Technology Risk & Controls Testing Analyst in Phoenix, AZ. Overview: The Technology Risk & Controls Testing Analyst is a key member of the Second Line of Defense, responsible for executing independent testing of information security and technology controls. This role supports the Technology Risk Management organization by performing targeted, risk-based testing to evaluate the design and operating effectiveness of controls across IT and cybersecurity environments. This position is highly execution-focused and requires strong independent judgment, disciplined documentation, and a rigorous audit mindset. The ideal candidate brings hands-on IT audit experience-preferably from a large financial institution or Big 4 environment-and thrives in a role with high expectations and accountability. Key Responsibilities:

• Execute independent control testing in accordance with the Second Line Testing Oversight Program and established audit methodologies
• Perform test of design and test of operating effectiveness for information security and technology controls
• Conduct risk-based and statistical sampling to support targeted testing efforts
• Develop detailed, well-documented workpapers that clearly support testing conclusions
• Identify control deficiencies, assess root cause, and recommend practical corrective actions
• Prepare concise written summaries and issue documentation suitable for leadership and stakeholders
• Partner effectively with business, technology, and internal control teams while maintaining independence
• Demonstrate curiosity and critical thinking by independently assessing risks rather than relying solely on instructions
  
  

Requirements

• Bachelor's degree required or 4 additional years of relevant experience beyond the minimum may be substituted
  
  

Required Certifications (one or more):

• CISA
• CISSP
• CRISC
• CISM
• 4 years of relevant experience in: IT Audit, Technology Risk, Cybersecurity, or Internal Controls
• Experience applying audit and testing methodologies within large, regulated environments
• Demonstrated experience with rigorous documentation standards and audit-style workpapers
• Strong testing experience, including control evaluation and execution
• Proficiency in Microsoft Office (Excel, Word, and PowerPoint)
• Ability to communicate clearly and professionally with peers and management
• Strong analytical skills with a proactive, self-directed mindset
  
  

Preferred Qualifications

• 5-6 years of IT audit or cybersecurity experience within a large financial institution
• Background from a Big 4 firm (e.g., Deloitte, KPMG) strongly preferred
• Experience working in Third Line of Defense (Internal Audit); Second or First Line also acceptable
• Familiarity with cybersecurity frameworks (e.g., NIST, ISO)
• Knowledge of compliance and regulatory requirements within financial services
• Exposure to Archer and/or ServiceNow (system of record)
• Understanding of technology risk management and information security controls
  
  

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking “Apply Today” you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.