Compliance Analyst
New York, NY
TripActions
Streamline your corporate travel management and expense processes in one app. Save time, gain efficiency, and reduce costs with this powerful, all-in-one solution.
Position Overview: We are seeking an experienced SOX Compliance & GRC Analyst to lead our SOX IT General Controls program while supporting our broader governance, risk, and compliance initiatives. The successful candidate will ensure compliance with Sarbanes-Oxley regulations, focusing on IT general controls, while harmonizing controls across our expanding compliance portfolio and supporting various security frameworks.
What You'll Do:
SOX IT General Controls (Primary Focus)
- Lead SOX Compliance Program: Conduct thorough assessments of IT general controls to ensure compliance with SOX 404 requirements
- Control Testing & Management: Perform regular management testing of IT general controls, including access controls, change management, data backup, and recovery processes
- Evidence Collection & Automation: Implement automation for evidence collection and conduct self-review of submitted evidence for access management, change management, segregation of duties, and configuration management controls
- System Onboarding: Lead onboarding of new systems to the SOX control environment, ensuring compliance by design
- Audit Coordination: Manage the flow of audit requests, coordinate scope of external testing, and interface with external auditors to represent our SOX control environment
Broader GRC Responsibilities
- Multi-Framework Compliance: Execute external audits and assessments for SOC 1, SOC 2, PCI DSS, ISO 27001, and NIST CSF frameworks
- Cross-Functional Collaboration: Work closely with People Operations, Finance, Legal, IT, and product engineering teams to identify control gaps and integrate control requirements
- Assessment & Testing: Perform periodic assessments and testing of security compliance controls, policies, and standards across multiple frameworks
- Remediation Management: Identify control deficiencies, develop remediation plans, and oversee implementation efforts
- Reporting & Metrics: Prepare detailed reports on compliance status, audit findings, and create metrics to demonstrate compliance progress to senior management
- GRC Tools Implementation: Collaborate on developing and implementing centralized audit evidence repository and GRC tools
- Policy Development: Create and maintain security policies, procedures, and standards
- Training & Education: Develop and deliver training programs on SOX IT control requirements and compliance best practices
Required Qualifications:
- Experience: 4-5+ years of SOX 404 IT General Controls auditing, security governance, risk, and compliance experience
- SOX Expertise: Strong understanding of SOX 404 regulations, IT general controls, and financial systems audit requirements for both on-premise and cloud systems
- Framework Knowledge: In-depth understanding of SOC frameworks, PCI DSS, GDPR, ISO 27001, and relevant regulations
- Cloud Expertise: Strong knowledge of cloud controls and environments, particularly AWS (Azure and Google Cloud experience beneficial)
- Technical Proficiency: Practical understanding of IT security compliance, risk management, access control, network security, and security architecture in cloud environments
- Analytical Skills: Excellent analytical, diagnostic, critical thinking, and project management abilities
- Communication: Ability to clearly articulate technical concepts to both technical and non-technical stakeholders from diverse backgrounds
- Automation Experience: Proficiency in implementing automation for evidence collection and control testing
Preferred Qualifications:
- Education: Bachelor's degree in Information Technology, Computer Science, Accounting, or related field
- Certifications: CISA, CISM, CISSP, CPA, CSA CCSK, ISC² CCSP, or other relevant security certifications
- Framework Experience: Experience with IT control frameworks such as COBIT, NIST, or ISO 27001
- Consulting Background: Experience with Big Four consulting firms
- Unified Controls: Experience developing and implementing unified control frameworks
- Tool Proficiency: Experience with audit and compliance tools and software
- Data Presentation: Proficiency in representing data graphically and creating executive-level reports
Key Success Factors:
- Deep technical understanding of SOX IT General Controls and their relationship to other security frameworks
- Proven ability to lead complex compliance projects from planning through execution
- Strong stakeholder engagement skills with both internal teams and external auditors
- Experience staying current with regulatory changes and integrating updates into daily operations
- Detail-oriented approach with ability to manage multiple priorities and deadlines
- Track record of driving automation and process improvements in compliance programs
The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate's starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate's skills and experience, market demands, and internal parity. For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.
Pay Range: $82,500 - $154,000 USD
Tags: Audits Automation AWS Azure CCSK CCSP CISA CISM CISSP Cloud COBIT Compliance Computer Science Finance GCP GDPR Governance ISO 27001 Network security NIST PCI DSS Risk management SOC SOC 1 SOC 2 SOX