Principal IT Security Analyst

About The Position

Requirements

• Bachelor’s degree in computer science, Information Systems, Information Assurance, or equivalent professional experience.
• 5–7+ years of experience in IT audit, IT compliance, information security, or regulatory assurance roles.
• Demonstrated experience supporting SOX, SOC, and security related audits in complex environments.
• Strong understanding of IT and security control environments and audit methodologies.
• Strong knowledge of IT and security controls, governance concepts, and audit practices.
• Ability to operate effectively as an audit facilitator and liaison, rather than a handson security operator.
• Working knowledge of security architectures, cloud environments, and common security technologies sufficient to support audit discussions.
• Excellent written and verbal communication skills, including the ability to present complex topics to executive audiences.
• Strong organizational skills with the ability to manage multiple audit activities and deadlines simultaneously.
• High attention to detail while maintaining the ability to synthesize information into clear audit narratives.
• Ability to influence and coordinate across technical and business teams without direct authority.
• Sound judgment in identifying risk, prioritizing issues, and supporting remediation discussions.
• Working on-site at assigned office location.
• Regular and punctual attendance adhering to schedule established by leadership.
• Flexibility to work occasional adjusted work schedules, overtime, and evening and/or weekend hours to meet deadlines or as business needs demand.
• Working in a cubicle hub, maintaining focus on phone calls in a noisy environment within earshot of multiple other conversations.
• Sedentary work in a stationary position at a cubicle for prolonged periods of time.
• Constant repetitive motions required for operating a computer, such as typing and managing phone calls.
• Constantly communicating effectively verbally in English, including accurately exchanging information with others following identification of correct procedures.
• All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Okta Verify and Microsoft Authenticator.
• Employment will be contingent on this requirement.

Nice To Haves

• Professional certifications such as CISA, CISSP, CRISC, CGEIT, GRCP, or similar preferred or in progress.

Responsibilities

• Serve as the primary point of contact for internal and external auditors supporting SOX, SOC, and other regulatory or assurance engagements.
• Facilitate communication between auditors, Information Security, IT, and business stakeholders to ensure consistent understanding of audit scope and expectations.
• Coordinate the end-to-end audit lifecycle, including planning, walkthrough scheduling, evidence collection, follow up, and issue closure.
• Assist in developing, implementing, and executing the organization’s IT and security compliance program.
• Identify audit issues, documentation gaps, and control weaknesses, including approvals, segregation of duties, and evidence sufficiency concerns.
• Support root cause analysis discussions and guide stakeholders toward practical, risk appropriate remediation actions.
• Track audit findings, management responses, and remediation commitments through completion.
• Prepare clear, concise audit status updates, summaries, and executive level communications.
• Support leadership with audit narratives, management responses, and clarification of control intent.
• Assist control owners and performers in understanding compliance expectations and evidence standards.
• Provide input to align Information Security and IT policies, standards, and procedures with audit and regulatory requirements.
• Promote consistency, quality, and repeatability in audit documentation and evidence collection processes.
• Evaluate IT and security controls across on premises and cloud environments to assess audit impact and readiness.
• Apply working knowledge of security architecture, cloud platforms, and security tooling to contextualize audit requirements and discussions.
• Participate in architecture or design discussions as needed to assess control alignment and audit implications, without owning technical implementation.
• Develop and maintain high quality audit documentation, control narratives, and support artifacts.
• Support the development of audit related metrics and reporting to monitor program effectiveness and risk trends.
• Escalate unresolved audit or compliance concerns using established governance processes.
• Ability to effectively and accurately convey information to others.
• Perform related duties as assigned by management.

Benefits

• Medical, dental, and vision insurance
• Health Savings Account with employer contribution
• 401(k) Retirement plan with employer match
• Paid Maternity Leave/Parental Bonding Leave
• Pet insurance
• Adoption Assistance
• Tuition reimbursement
• Employee Loan Program
• The Newrez Employee Emergency and Disaster Fund is a new program to support our team members
• Newrez NOW: Our Corporate Social Responsibility program, Newrez NOW, empowers employees to become leaders in their communities through a robust program that includes volunteering, philanthropy, nonprofit grants, and more
• 1 Volunteer Time Off (VTO) day, company-paid volunteer day where all eligible employees may participate in a volunteer event with a nonprofit of their choice
• Employee Matching Gifts Program: We will match monetary employee donations to eligible non-profit organizations, dollar-for-dollar, up to $1,000 per employee
• Newrez Grants Program: Newrez hosts a giving portal where we provide employees an abundance of resources to search for an opportunity to donate their time or monetary contributions