Compliance Analyst

IT Risk & Compliance Analyst

Contract:
6-Month Contract

Location:
Midtown –
4 days onsite / 1 day remote

Hours:
8:00 AM – 5:00 PM

We are seeking an IT Risk & Compliance Analyst to support the execution, monitoring, and enhancement of IT controls and compliance activities across the organization. This role will assist in implementing SOX controls, performing compliance assessments, validating evidence, and driving remediation efforts. The ideal candidate will have a strong foundation in IT audit, IT security, or IT compliance, with the ability to work cross-functionally and communicate effectively with technical and business stakeholders.

Responsibilities

• Coordinate efforts to implement and maintain SOX controls for in-scope systems and processes.
• Facilitate discussions between stakeholders to gather evidence, identify control gaps, and drive timely remediation.
• Ensure IT compliance with applicable regulatory requirements, including SOX, PCI, and contractual obligations.
• Collect, review, and sample evidence supporting compliance activities, escalating out-of-compliance items to senior management.
• Document non-compliance findings, provide recommendations, and oversee remediation action plans through completion.
• Monitor, track, and report on exceptions, risks, and exposures to IT senior leadership.
• Conduct fact-based assessments of new and existing systems, evaluating regulatory and compliance controls.
• Support the administration of IT Compliance Management Systems and Governance, Risk & Compliance (GRC) tools.
• Assist with implementation of new technology tools (e.g., GRC platforms) to support IT risk initiatives.
• Participate in information-sharing activities with partner utilities, including metrics gathering and survey management.
• Provide subject matter expertise to help internal stakeholders manage IT risks and controls effectively.
• Adhere to company confidentiality and security requirements at all times.

Required Skills & Experience

• 3+ years of IT security, IT audit, IT compliance, or related controls experience.
• Experience identifying control gaps, drafting remediation plans, and guiding remediation efforts to completion.
• Strong understanding of SOX requirements.
• Assurance/compliance experience in areas such as:
• Audit / IT compliance
• Compliance assessments
• IT governance
• GRC platforms

Nice-to-Have Skills

• CISA or CRISC certifications.
• Experience with PCI controls and/or the NIST Cybersecurity Framework.
• Hands-on experience with any of the following:
• SAP
• ServiceNow
• AuditBoard
• Splunk
• Tenable
• CyberArk
• Risk assessments
• Vulnerability assessments

Education

• A bachelor's degree is required.