IT Audit & Compliance Analyst

We are seeking a mid-level IT Audit & Compliance Analyst to join our IT organization at a publicly traded company. This role supports SOX compliance, SOC 2 reporting, and IT risk management, and works closely with Internal Audit, Finance, and Cybersecurity teams to ensure strong technology controls and regulatory compliance.

This position is ideal for someone with a solid foundation in IT controls and audits who wants to deepen their experience across SOX, SOC 2, and cybersecurity governance.

Key Responsibilities

• SOX & IT Controls
• Perform and support SOX IT General Controls (ITGC) testing, including:
• User access management
• Change management
• System operations and backups
• Assist with walkthroughs, risk assessments, and control documentation
• Track and support remediation of control deficiencies
• Partner with Internal Audit and external auditors during SOX audits
• SOC 2 & Third-Party Assurance
• Support SOC 2 Type I and Type II readiness and ongoing compliance
• Maintain control narratives, evidence, and audit artifacts
• Coordinate with IT, Engineering, and Security teams to ensure controls are operating effectively
• Assist in responding to customer and vendor security questionnaires
• Cybersecurity & Risk Collaboration
• Work with the Cybersecurity team on:
• Security policies and standards
• Risk assessments and control alignment (NIST, ISO, etc.)
• Incident response and access reviews (governance perspective)
• Help bridge compliance requirements with security operations
• Documentation & Continuous Improvement
• Maintain IT policies, procedures, and control documentation
• Identify opportunities to improve control design, automation, and audit efficiency
• Stay current on regulatory and industry best practices

Required Qualificatons

• 3-6 years of experience in IT audit, IT compliance, or technology risk
• Hands-on experience with SOX ITGCs
• Exposure to SOC 1 and/or SOC 2 audits
• Understanding of core IT processes (access, change, SDLC, infrastructure)
• Strong documentation and communication skills

Preferred Qualfications

• Experience in a public company environment
• Familiarity with cybersecurity frameworks (NIST, ISO 27001, CIS)
• Experience working with external auditors or Big 4 firms
• Certifications or progress toward:
• CISA - Required
• CISM
• CRISC
• CISSP (a plus, not required)

What We Offer

• Exposure to SOX, SOC 2, and cybersecurity governance
• Career growth toward Senior IT Auditor, GRC Manager, or Cyber Risk roles
• Cross-functional work with IT, Security, Finance, and Audit teams
• Competitive compensation and benefits
• Why This Role Is Attractive (unspoken but real)
• Not "pure audit" - includes security and risk exposure
• Public company experience (very marketable)
• Clear path into senior IT audit, GRC, or cyber risk

#LI-CT1

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.