IT Compliance Analyst

IT Compliance Analyst


 To provide a secure and protected environment for the data and systems by evaluating IT controls, monitoring IT processes, performing compliance reviews, identifying areas of non-compliance, and developing improvements to operational deficiencies.




•             Acts as a liaison to internal/external auditors, fulfilling audit requests and coordinating audit activities with IT stakeholders

•             Monitors and reports on the progress of risk mitigation efforts, ensuring target dates are met and extensions are granted

•             Leverages various tools to perform research, develop alerts, and compile reports

•             Develops a working knowledge  of the IT Risk and Compliance tool set, including Varonis DATALERT, Tripwire Enterprise, McAfee Database Activity Monitoring, and Splunk

•             Performs daily, monthly, and quarterly monitoring and reconciliation activities accurately and timely

•             Researches, communicates and resolves automated IT compliance exceptions

•             Ensures proper log monitoring, reporting and escalation of non-compliant activity

•             Assists with the execution of the internal IT compliance testing program. This includes: internal IT controls and compliance reviews; and remediation testing of issues identified during audit, regulatory exams or internal assessments

•             Contributes to various project requests from Vendor Management, External Audit, Information Security, and Enterprise Risk Management

•             Assists in the administration of IT policies, standards, processes, and procedures

•             Assists with the development or update of department procedures

•             Performs ad-hoc IT compliance requests or additional duties as assigned

•             Builds and maintains positive working relationships with stakeholders, including application owners, business areas, and management in support of IT Risk and Compliance processes


     SOFTWARE REQUIREMENTS              

•             MS Office product (notably Outlook, Word, Excel, and Access) knowledge.

•             Compliance Monitoring tool exposure (i.e., Varonis DATALERT, Tripwire Enterprise, McAfee Database Activity Monitoring, Splunk) preferred

•             SQL (plus)

•             Tableau (plus)



•             2-4 years of IT security, IT operations, IT audit and compliance, or IT risk management experience.



•             4-6 years of Information Technology experience necessary without a degree.

               •             4 year college degree in information technology or equivalent experience.

•             Compliance certification is preferred (CISA, CRISC, CGEIT)




•             General familiarity with a work environment that supports and encourages defined guidelines, policies, and procedures

•             Must have excellent communication skills (verbal, written, and listening)

•             Intermediate knowledge of IT general controls

•             Intermediate experience with technical writing

•             Intermediate knowledge of evaluating internal controls and developing recommendations

•             Basic knowledge of project management principles (planning, organizing,  and managing assessment process)

•             Ability to quickly learn new systems and applications

•             Exceptional analytical and problem solving capabilities

•             Ability to work independently, as well as in a collaborative and dynamic team environment

•             Must be able to multitask and shift priorities, as required, and work effectively under pressure

•             Must be a self-starter, with the ability to work in a fast paced environment, both independently and as part of a team

•             A high level of integrity and dependability are necessary to perform this role

•             Strong organizational skills with attention to detail and accuracy

•             A high level of integrity and dependability are necessary to perform this role