Governance, Risk & Compliance Analyst III - SOC

At Sensiba, we're more than just a Top 75 Accounting Firm - we're a purpose-driven organization committed to making a meaningful impact for our clients, our people, and our communities. Recognized as a Top Workplace USA, we're proud of our culture of exceptional employee engagement, collaboration, and continuous growth.

We help clients solve problems, navigate complexity, and build a foundation for sustainable success. Whether supporting fast-growing startups or established enterprises, we bring deep expertise and a people-first approach to every engagement.

In 2018, Sensiba became a certified B Corporation (B Corp) - a designation that reflects our commitment to using business as a force for good. This certification holds us accountable to high standards of social and environmental performance, transparency, and ethical governance. It's not just a badge - it's a reflection of how we operate, make decisions, and support our stakeholders.

The GRC Analyst III - SOC 2 is responsible for ensuring client satisfaction and efficient execution of engagement plans, while being the coach and advisor to team members. This role will focus on business processes and IT control auditing and advisory services with responsibilities that include evaluating, testing, and documenting key business processes, access controls, and change management controls for engagements.

The Experienced Associate will audit a diverse range of companies, build robust client relationships grounded in a deep understanding of their operations, challenges, and compliance needs. The role is pivotal in delivering top-notch services, centering on clients' business, IT, and security risk management.

• Knowledge of relevant regulations and industry standards (e.g., SSAE 18/SOC, HIPAA, ISO-27001, COSO, HITRUST, etc.) and best practices and methodologies to address these requirements.
• Knowledge of audit principles such as risk assessment, materiality, independence and sufficiency of evidence.
• Ability to apply these requirements to organizational internal control frameworks.
• Understanding of technical concepts such as cyber security, virtualization, data center, cloud computing, and the like.
• Ability to interpret/relay technical information to all levels of technical aptitude, including senior management. This includes written and oral communications.
• Documentation skills are a must. Ability to articulate, write and present information in a clear and understandable manner and to meet the re-performance standard required for supporting our audit work.
• Strong time management, project management and organizational skills with the ability to manage multiple priorities successfully within a deadline-driven environment.
• Strong interpersonal skills.
• Demonstrated ability to quickly understand and assimilate business processes.
• Conduct detailed audits of clients' business processes and IT controls, ensuring compliance with industry standards and regulations.
• Observe, review, document, and test key business process transactions, access controls, change management controls, operational and organizational controls, and automated controls for engagements.
• Review, document, evaluate and test application controls, particularly automated controls on a wide range of systems and software applications across a wide variety of client business processes.
• Evaluate clients' business, IT, and security risks, identifying areas of concern and recommending appropriate control measures and process improvements to mitigate risks.
• Assess security policies and procedures, reviewing risk management / risk assessment documentation, and controls of our clients' business applications, networks, operating systems, and other components of their technology infrastructure.
• Support internal and external security assessments of new and existing services and infrastructure including operational, regulatory, and contractual requirements.
• Develop and nurture strong relationships with clients, gaining insight into their businesses, risks, and compliance requirements to tailor audit approaches effectively.
• Execute audit procedures efficiently and effectively, analyzing systems, processes, and controls to assess their adequacy and effectiveness in managing risks.
• Prepare comprehensive audit reports detailing findings, recommendations, and remediation plans, ensuring clear communication of audit results to clients.
• Develop a technical understanding of cyber security best practices in order to advise and audit clients on their security posture.
• Follow up on remediation progress or management responses.
• Provide guidance and mentoring to less experienced team members.

• Bachelor's degree required
• 2 + years of IT Audit experience or Audit experience
• Experience performing SOC 1 and/or SOC 2 audits, and controls reviews along with recommending, designing and advising on applicable IT controls
• Bachelor's degree in Accounting, Finance, MIS, IT or related field preferred
• Experience conducting SOC 2 audits…