Risk & Compliance Analyst Sr IT

About the Company: Our company is committed to creating innovative solutions that prioritize protecting the environment, public health, and people’s overall well-being. We strive to build a sustainable, shared future, and our team members have the opportunity to make a positive impact on communities, the planet, and people’s lives. Come work with us and join our mission to safeguard health and promote sustainability in a safe and responsible way.

Job Title: Senior IT Risk and Compliance Analyst

Position Purpose: As a Senior IT Risk and Compliance Analyst, you will be responsible for creating and implementing IT internal controls that align with best practices within our organization. You will promote a control-conscious and compliant culture throughout the organization.

Key Responsibilities:

• Assist control owners in managing the full IT SOX audit cycle, including enhancing controls, maintaining the IT SOX control framework, conducting management prep sessions, and validating audit evidence for completeness and accuracy.
• Build and maintain positive relationships with stakeholders such as application, process, and control owners, as well as management to support IT Risk and Compliance processes.
• Conduct targeted risk assessments and provide recommendations to control owners.
• Participate in scoping activities for IT SOX applications, systems changes, and business transformation projects.
• Contribute to designing and implementing enhancements for internal controls such as segregation of duties, change management, access management, IT operations, workflow, and application configuration.
• Facilitate SOX auditor training, create support materials and processes for control owners, and drive continual improvement of the IT SOX governance program.
• Review audit or internal assessment deficiencies and collaborate with the IT Risk & Compliance team to develop and execute remediation plans.
• Support the IT policy steering committee in developing IT policies, ensuring consistency, and facilitating the roll-out and maintenance of corporate IT policies.
• Support the IT GRC steering committee to improve controls.
• Use homegrown tools built on Alteryx and Outsystems to perform user entitlement reviews.
• Serve as a liaison to internal/external auditors and facilitate SOC-1 reviews of our organization.
• Assist management with remediation plan development and execution and support control owners.
• Participate in IT SOX walkthroughs to gain an understanding of current processes and controls.
• Maintain status reports and key metrics to support the IT Risk and Compliance function.
• Perform other duties and responsibilities as assigned.

Requirements:

• Bachelor’s degree in Information Systems, Computer Science, Accounting, Business, or a related technical discipline (or equivalent).
• At least 5 years of relevant work experience.
• Familiarity with leading IT controls frameworks, audit methodologies, and IT industry standards (e.g., COSO 2013, COBIT, ISO, CMM, ITIL, PCI, NIST, SSAE 18 SOC, etc.).
• Strong understanding of IT regulatory concerns, especially IT Sarbanes Oxley (IT SOX).
• Intermediate knowledge of evaluating internal controls, developing recommendations, designing and implementing solutions.
• Previous internal or external audit experience is a plus.
• SAP functional knowledge is a plus.
• CISA, CISM, CIA, CPA certifications are a plus.
• Intermediate to advanced skills and hands-on experience in building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, Access.
• Basic knowledge of project management principles (planning, organizing, and managing assessment process).
• Strong interpersonal skills with the ability to work effectively in a matrixed organization.
• Ability to work with teams that are geographically distributed and work across different time zones.
• Able to work in a fast-paced environment, both independently and lead a team.
• Ability to manage and collaborate with onshore and offshore cross-functional teams.
• Strong analytical ability, critical thinking, decision making, judgment, and problem analysis techniques.
• Excellent communication skills (verbal, written, and listening).