
Key Responsibilities:
- Execute the IT compliance roadmap with a strong focus on SOX (ITGC/ITAC), SOC 2, and other regulatory frameworks.
- Develop, maintain, and update IT control documentation including policies, procedures, process flows, control matrices, and risk assessments.
- Conduct walkthroughs and testing of key IT general controls (ITGCs) across applications, infrastructure, and databases to assess effectiveness and compliance.
- Work with control owners to identify gaps, develop remediation plans, and track timely resolution.
- Educate IT and business stakeholders on risk, compliance, and control requirements aligned with governance frameworks like COSO 2013, COBIT, and ITIL.
- Assist in the implementation and continuous improvement of policies and procedures based on ISO 27001/27002 and other security standards.
- Support audits and assessments (internal, external, SOC 1, SOC 2, SOX) by coordinating evidence collection, facilitating meetings, and responding to auditor inquiries.
- Participate in IT risk assessments, vendor due diligence, UAT documentation reviews, and compliance checks for new systems or scoped-in applications.
- Partner with application owners and technical teams to ensure effective onboarding of systems into ITGC scope and perform control design evaluations.
- Create and maintain internal control narratives, flowcharts, and supporting documentation to demonstrate the effectiveness of controls to auditors and management.
Required Skills & Qualifications:
- Bachelor's/Master's degree in Information Systems, Computer Science, Accounting, or a related field.
- Minimum of 3 years of relevant experience in IT compliance, audit, or risk management.
- Working knowledge of IT infrastructure, cloud and on-premise applications, server/network/database technologies.
- Hands-on experience with SOX ITGC, SOC 2, and familiarity with COSO, COBIT, and ITIL frameworks.
- Knowledge of regulatory and security standards such as ISO 27001/2, GDPR, HIPAA, etc.
- CISA, CRISC, or equivalent certification (preferred).
- Strong understanding of IT controls and risk assessment methodologies.