Compliance Analyst

Position Overview: We are seeking an experienced SOX Compliance & GRC Analyst to lead our SOX IT General Controls program while supporting our broader governance, risk, and compliance initiatives. The successful candidate will ensure compliance with Sarbanes-Oxley regulations, focusing on IT general controls, while harmonizing controls across our expanding compliance portfolio and supporting various security frameworks.

What You'll Do:

SOX IT General Controls (Primary Focus)

• Lead SOX Compliance Program: Conduct thorough assessments of IT general controls to ensure compliance with SOX 404 requirements
• Control Testing & Management: Perform regular management testing of IT general controls, including access controls, change management, data backup, and recovery processes
• Evidence Collection & Automation: Implement automation for evidence collection and conduct self-review of submitted evidence for access management, change management, segregation of duties, and configuration management controls
• System Onboarding: Lead onboarding of new systems to the SOX control environment, ensuring compliance by design
• Audit Coordination: Manage the flow of audit requests, coordinate scope of external testing, and interface with external auditors to represent our SOX control environment

Broader GRC Responsibilities

• Multi-Framework Compliance: Execute external audits and assessments for SOC 1, SOC 2, PCI DSS, ISO 27001, and NIST CSF frameworks
• Cross-Functional Collaboration: Work closely with People Operations, Finance, Legal, IT, and product engineering teams to identify control gaps and integrate control requirements
• Assessment & Testing: Perform periodic assessments and testing of security compliance controls, policies, and standards across multiple frameworks
• Remediation Management: Identify control deficiencies, develop remediation plans, and oversee implementation efforts
• Reporting & Metrics: Prepare detailed reports on compliance status, audit findings, and create metrics to demonstrate compliance progress to senior management
• GRC Tools Implementation: Collaborate on developing and implementing centralized audit evidence repository and GRC tools
• Policy Development: Create and maintain security policies, procedures, and standards
• Training & Education: Develop and deliver training programs on SOX IT control requirements and compliance best practices

Required Qualifications:

• Experience: 4-5+ years of SOX 404 IT General Controls auditing, security governance, risk, and compliance experience
• SOX Expertise: Strong understanding of SOX 404 regulations, IT general controls, and financial systems audit requirements for both on-premise and cloud systems
• Framework Knowledge: In-depth understanding of SOC frameworks, PCI DSS, GDPR, ISO 27001, and relevant regulations
• Cloud Expertise: Strong knowledge of cloud controls and environments, particularly AWS (Azure and Google Cloud experience beneficial)
• Technical Proficiency: Practical understanding of IT security compliance, risk management, access control, network security, and security architecture in cloud environments
• Analytical Skills: Excellent analytical, diagnostic, critical thinking, and project management abilities
• Communication: Ability to clearly articulate technical concepts to both technical and non-technical stakeholders from diverse backgrounds
• Automation Experience: Proficiency in implementing automation for evidence collection and control testing

Preferred Qualifications:

• Education: Bachelor's degree in Information Technology, Computer Science, Accounting, or related field
• Certifications: CISA, CISM, CISSP, CPA, CSA CCSK, ISC² CCSP, or other relevant security certifications
• Framework Experience: Experience with IT control frameworks such as COBIT, NIST, or ISO 27001
• Consulting Background: Experience with Big Four consulting firms
• Unified Controls: Experience developing and implementing unified control frameworks
• Tool Proficiency: Experience with audit and compliance tools and software
• Data Presentation: Proficiency in representing data graphically and creating executive-level reports

Key Success Factors:

• Deep technical understanding of SOX IT General Controls and their relationship to other security frameworks
• Proven ability to lead complex compliance projects from planning through execution
• Strong stakeholder engagement skills with both internal teams and external auditors
• Experience staying current with regulatory changes and integrating updates into daily operations
• Detail-oriented approach with ability to manage multiple priorities and deadlines
• Track record of driving automation and process improvements in compliance programs

 

The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.

For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.Pay Range$82,500—$154,000 USD