Job Specifications
IT Risk & Compliance Analyst
Contract: 6-Month Contract
Location: Midtown – 4 days onsite / 1 day remote
Hours: 8:00 AM – 5:00 PM
We are seeking an IT Risk & Compliance Analyst to support the execution, monitoring, and enhancement of IT controls and compliance activities across the organization. This role will assist in implementing SOX controls, performing compliance assessments, validating evidence, and driving remediation efforts. The ideal candidate will have a strong foundation in IT audit, IT security, or IT compliance, with the ability to work cross-functionally and communicate effectively with technical and business stakeholders.
Responsibilities
Coordinate efforts to implement and maintain SOX controls for in-scope systems and processes.
Facilitate discussions between stakeholders to gather evidence, identify control gaps, and drive timely remediation.
Ensure IT compliance with applicable regulatory requirements, including SOX, PCI, and contractual obligations.
Collect, review, and sample evidence supporting compliance activities, escalating out-of-compliance items to senior management.
Document non-compliance findings, provide recommendations, and oversee remediation action plans through completion.
Monitor, track, and report on exceptions, risks, and exposures to IT senior leadership.
Conduct fact-based assessments of new and existing systems, evaluating regulatory and compliance controls.
Support the administration of IT Compliance Management Systems and Governance, Risk & Compliance (GRC) tools.
Assist with implementation of new technology tools (e.g., GRC platforms) to support IT risk initiatives.
Participate in information-sharing activities with partner utilities, including metrics gathering and survey management.
Provide subject matter expertise to help internal stakeholders manage IT risks and controls effectively.
Adhere to company confidentiality and security requirements at all times.
Required Skills & Experience
3+ years of IT security, IT audit, IT compliance, or related controls experience.
Experience identifying control gaps, drafting remediation plans, and guiding remediation efforts to completion.
Strong understanding of SOX requirements.
Assurance/compliance experience in areas such as:
Audit / IT compliance
Compliance assessments
IT governance
GRC platforms
Nice-to-Have Skills
CISA or CRISC certifications.
Experience with PCI controls and/or the NIST Cybersecurity Framework.
Hands-on experience with any of the following:
SAP
ServiceNow
AuditBoard
Splunk
Tenable
CyberArk
Risk assessments
Vulnerability assessments
Education
A bachelor’s degree is required.
About the Company
Here at Brooksource, relationships are at the center of everything we do. Since 2000, we have established and maintained lasting relationships with our clients, consultants, and internal employees to create an unparalleled experience.
Brooksource is a trusted provider of Engineering & Technology solutions for Fortune 500 organizations, specializing in Experience-Driven Staffing, Professional Services, and our innovative Workforce Transformation program, Elevate. Leveraging our partnerships with Salesforce, AWS, Microsoft, ...