Job Description & How to Apply Below
Thomson Reuters Sr Governance and Compliance Analyst
Pay information not provided
We are growing and looking for experienced compliance and audit professionals who also embrace technology-driven ways of working. In this hybrid role, you will lead control testing and audit programs while actively contributing to the automation and AI-enabled optimization of compliance workflows. You will partner with control owners, external auditors, and the Automation & AI team to improve how we test, evidence, and report on the effectiveness of controls across Thomson Reuters' multi-framework compliance portfolio.
Aboutthe role
Key Responsibilities Control Testing & Audit (Primary — ~65%)
- Assess, challenge, and test the design and operational effectiveness of controls using TR’s control framework by working collaboratively with control owners and stakeholders to improve the control testing process, including defining re-test cycles and evidence expected.
- Execute a testing plan by communicating requirements to control owners, reviewing evidence submitted, agreeing on deficiencies found and finalizing the next steps in meeting control requirements.
- Oversee and act as a liaison for both external and internal audits; identify procedures and practices that are not compliant with industry frameworks.
- Recommend and support stakeholders making changes to address non-compliance issues, and compile reports on audit results to present to managers & supervisors.
- Work closely with other teams like ERM, Finance, business and application owners, third party or contractors supporting processes to report and track remediation plans for any control deficiencies identified.
- Ensure awareness about security risks, best practices and policy/standard requirements are essential to ensure compliance.
- Contribute to the implementation and continuous improvement of automated compliance controls by working with the Automation & AI team, including evidence collection, validation, and reporting capabilities, to optimize workflows.
- Collaborate with internal assessors to identify automation opportunities and support the design and deployment of AI-assisted solutions, covering automated evidence gathering, validation and classification, workflow notifications, and preliminary control effectiveness ratings.
- Maintain documentation of automation workflows, logic, and validation processes to ensure transparency and auditability; stay current with emerging technologies in controls automation and AI to inform team strategy and innovation.
You are a fit for this role if your background includes:
Required Qualifications- Bachelor’s degree in IT, Accounting, Finance, Computer Science, or equivalent education and experience.
- 4+ years of relevant experience in SoX (ITGC), SOC 2, PCI DSS, ISO (9001, 27001, 42001, etc.) within internal audit, Big 4/5 advisory, consulting, or a Governance & Compliance function — including direct control testing or Line 1a/1b IT-IS assessment work.
- Strong understanding of control frameworks such as NIST CSF, ISO Frameworks, SOC2 TSC, and PCI DSS; familiarity with NIS2/CRA is an asset.
- Experience working with or alongside internal audit, risk, or compliance teams, including reporting and tracking remediation plans.
- Awareness of common security vulnerabilities in web and cloud environments, drawing on sources such as SANS, OWASP Top 10, and the Cloud Security Alliance (CSA).
- Strong ethical principles and understanding of business and information security ethics.
- Excellent oral and written communication skills in English; additional fluency in French, Spanish, or another language is an asset.
- Familiarity with GRC platforms such as Service Now, Process Unity, RSA Archer, Metric Stream, or Protecht.
- One or more professional certifications: CISA, CISSP, CISM, CRISC, CCAK, or ISO 27001 Lead Auditor/Implementer (strongly preferred).
- Hands‑on experience testing cloud controls and related technologies (AWS, Azure, GCP).
- Exposure to automation tools, Python scripting, or AI/LLM-assisted workflows in a compliance or audit context.
- Experience with AI, or generative AI applied to…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×