Technology Risk & Controls Testing Analyst
Job in
Phoenix, Maricopa County, Arizona, 85002, USA
Listed on 2026-06-03
Listing for:
Kforce
Full Time
position Listed on 2026-06-03
Job specializations:
-
IT/Tech
Cybersecurity, Data Security, Information Security, IT Business Analyst
Job Description & How to Apply Below
Overview:
The Technology Risk & Controls Testing Analyst is a key member of the Second Line of Defense, responsible for executing independent testing of information security and technology controls. This role supports the Technology Risk Management organization by performing targeted, risk-based testing to evaluate the design and operating effectiveness of controls across IT and cybersecurity environments.
This position is highly execution-focused and requires strong independent judgment, disciplined documentation, and a rigorous audit mindset. The ideal candidate brings hands-on IT audit experience-preferably from a large financial institution or Big 4 environment-and thrives in a role with high expectations and accountability.
Key Responsibilities:
* Execute independent control testing in accordance with the Second Line Testing Oversight Program and established audit methodologies
* Perform test of design and test of operating effectiveness for information security and technology controls
* Conduct risk-based and statistical sampling to support targeted testing efforts
* Develop detailed, well-documented work papers that clearly support testing conclusions
* Identify control deficiencies, assess root cause, and recommend practical corrective actions
* Prepare concise written summaries and issue documentation suitable for leadership and stakeholders
* Partner effectively with business, technology, and internal control teams while maintaining independence
* Demonstrate curiosity and critical thinking by independently assessing risks rather than relying solely on instructions
* Bachelor's degree required or 4 additional years of relevant experience beyond the minimum may be substituted
Required Certifications (one or more):
* CISA
* CISSP
* CRISC
* CISM
* 4+ years of relevant experience in: IT Audit, Technology Risk, Cybersecurity, or Internal Controls
* Experience applying audit and testing methodologies within large, regulated environments
* Demonstrated experience with rigorous documentation standards and audit-style work papers
* Strong testing experience, including control evaluation and execution
* Proficiency in Microsoft Office (Excel, Word, and PowerPoint)
* Ability to communicate clearly and professionally with peers and management
* Strong analytical skills with a proactive, self-directed mindset
Preferred Qualifications:
* 5-6+ years of IT audit or cybersecurity experience within a large financial institution
* Background from a Big 4 firm (e.g., Deloitte, KPMG) strongly preferred
* Experience working in Third Line of Defense (Internal Audit);
Second or First Line also acceptable
* Familiarity with cybersecurity frameworks (e.g., NIST, ISO)
* Knowledge of compliance and regulatory requirements within financial services
* Exposure to Archer and/or Service Now (system of record)
* Understanding of technology risk management and information security controls
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×