IT Compliance Analyst – Technology Risk and Controls

About The Position

Requirements

• Bachelor’s degree in Information Technology, Management Information Systems, or related fields.
• 3+ years of relevant industry experience in IT compliance, information security, risk assessments and management, cybersecurity, data privacy, audit, or related client services or consulting experience.
• Technical knowledge and familiarity with information security standards and control processes across various industry frameworks, such as NIST, ISO, CIS, SOX, SOC 1 & 2 etc.
• Understanding of information technology and governance, compliance, and best practices across the industry as well as project management principles.
• Supports data automation and ad-hoc data analysis requests.
• Advanced MS Excel formulas and strong PowerPoint presentation skills.
• Strong interpersonal and oral/written communication skills.
• Experience developing and delivering management presentations.
• Highly detail-orientated with the ability to think critically.
• Strong problem solving and time management skills.

Nice To Haves

• Advanced automation and data analytics tool experience, such as Power Automate, Power Apps/MS Power BI, MS Forms, Tableau, Qlik Sense etc.
• Experience with Archer GRC.
• Project Management and Agile experience/certifications a plus.

Responsibilities

• Analyses incoming and past IT compliance requests and responses and helps design and build an effective data repository.
• Develops strong relationships with IT Teams and other sub matter experts across the enterprise to coordinate and execute required compliance assessment activities.
• Assists with analysis and identification of technology scope coverage, executes compliance assessments and control testing against requirements.
• Evaluates and documents effectiveness of assessment results, outlines mitigation controls and action plans for timely remediation of identified risk areas.
• Assists in development of executive-level risk presentations to describe program approach and status, and consults on key technology risks.
• Responds to questions from internal stakeholders regarding implementation of Technology Risk measures and assists with accurate control implementation.
• Helps design and build an IT compliance repository to catalog requests and final responses and enhance reporting.
• Establishes credibility and maintains strong working relationships with stakeholders to resolve IT compliance matters.
• Coordinates collection and review of IT deliverables for internal and external IT compliance reviews, exams, and audits.
• Reviews IT control’s effectiveness, such as application security, access controls, encryption, logging and monitoring etc.
• Understands metrics development and reporting.
• Delivers recommendations and risk interpretations in a clear, concise, and audience-specific manner.
• Executes simultaneously on multiple IT compliance deliverables.

Benefits

• Health and Wellness: We offer a range of medical, dental and vision insurance plans, as well as mental health support and wellness initiatives to promote overall well-being.
• Retirement Savings: We offer retirement benefits options, which vary by location. In the U.S., our competitive 401(k) Plan offers a generous dollar-for-dollar Company matching contribution of up to 6% of eligible pay and a Company contribution equal to 3% of eligible pay (subject to annual IRS limits and Plan terms). These Company contributions vest immediately.
• Employee Assistance Program: Confidential counseling services and resources are available to all employees.
• Matching charitable donations: Corebridge matches donations to tax-exempt organizations 1:1, up to $5,000.
• Volunteer Time Off: Employees may use up to 16 volunteer hours annually to support activities that enhance and serve communities where employees live and work.
• Paid Time Off: Eligible employees start off with at least 24 Paid Time Off (PTO) days so they can take time off for themselves and their families when they need it.