Lead DI Security and Compliance Analyst
Listed on 2026-06-26
IT/Tech
Cybersecurity, IT Business Analyst, IT Consultant, Information Security
Position Summary
You will serve as a primary CISO organization liaison for IT audit activities, coordinating between Internal Audit, external auditors, and IT control owners to ensure efficient, timely, and accurate audit execution. You will track open audit requests, evidence submissions, and management responses, ensuring timely resolution and escalation of issues. You will execute risk-based assessments and independent control testing activities from the second line of defense perspective, providing objective assurance on the effectiveness of IT controls.
Responsibilities
- Conduct annual and ad hoc IT risk assessments to identify, evaluate, and prioritize risks across the IT environment.
- Perform second‑line‑of‑defense control testing across ITGC domains, including role‑based access reviews, segregation of duties analysis, change management sampling, and operational control testing.
- Monitor the effectiveness of first‑line control self‑assessments (CSAs) and provide feedback to strengthen the first line of defense.
- Conduct periodic access recertification reviews and support User Access Reviews (UARs) for in‑scope systems.
- Identify trends in control failures and emerging risks, escalating systemic issues to leadership with actionable recommendations.
- Develop and maintain standardized tools, guidance materials, and training programs to build organizational GRC capability and ensure audit preparedness.
- Maintain and distribute IT audit readiness checklists tailored to control domains, audit cycles, and specific regulatory requirements.
- Design and deliver training programs and awareness sessions for IT control owners, process owners, and first‑line staff on ITGC requirements, SOX compliance, and evidence collection best practices.
- Maintain a GRC knowledge base and content for ongoing stakeholder reference.
- Act as a key point of contact between the CISO organization, Internal Audit, and the Risk & Controls function and other technology functions, fostering a collaborative and transparent governance culture.
- Build and maintain trusted relationships with Internal Audit leadership, Risk & Controls management, IT leadership, and business process owners.
- Provide regular status reporting on audit activities, risk posture, and control effectiveness to the CISO and senior IT leadership.
- Bachelor’s Degree or equivalent.
- Minimum 12+ years of relevant work experience.
- Legal authorization to work in the U.S. (no visa sponsorship).
- Minimum 3+ years of progressive experience in information technology, information security, IT compliance, or IT audit.
- Hands‑on experience with IT General Controls (ITGC) design, documentation, and testing within a SOX‑regulated environment.
- Experience working within or supporting a second line of defense function, internal audit team, or external audit engagement in an IT capacity.
- Strong understanding of risk assessment methodologies and the ability to evaluate and document IT risk.
- Familiarity with enterprise IT environments, including ERP systems (SAP, Oracle, Workday, Salesforce, IFS Cloud), cloud infrastructure (AWS, Azure, GCP), and identity governance and Segregation of Duties technology platforms.
- Proficient with Security Operations, Access Management, Platform Security, and Data Security technologies at an engineering or architecture level.
- Solid understanding of IT control frameworks: COSO, COBIT, NIST Cybersecurity Framework (CSF), ISO 27001, and SOX 302/404.
- Working knowledge of cybersecurity principles including access management, identity governance, vulnerability management, and data protection.
- Familiarity with common enterprise application controls, database controls, and infrastructure controls relevant to IT audit.
Experience in auditing, compliance, or risk management with responsibility for risk assessments, ITGC walkthroughs, and control testing. Exposure to PCAOB standards (AS 2201) is a plus.
Industry Certifications
- CISA, CISM, CISSP, CIA, CPA, or equivalent.
- IT General Controls (ITGC) expertise.
- Security Architecture or Engineering experience.
- SOX 404 compliance and testing.
- Risk assessment and risk register management.
- Access management and identity governance.
- Cybersecurity frameworks (NIST, ISO 27001, COBIT).
- Cross‑functional stakeholder communication.
- Executive‑level written and verbal reporting.
- Project and audit lifecycle management.
- Training development and facilitation.
Health insurance (Medical, Dental, Vision), 401(k), paid time off, parental and caregiver leave, flexible work schedule, and other benefits. For more information, visit our benefits page at
Equal Opportunity & Diversity Statement
We are an Equal Opportunity Employer including disability and veterans. If you are an individual with a disability and need reasonable accommodation during the application process, please contact our services team.