Job#: 3022027
Job Description:
Role: IT Compliance & Security Analyst
Location: Hybrid - 4 days/week onsite
Duration: Long-Term Contract
The IT Compliance and Information Security Analyst is responsible for providing oversight of IT compliance, regulatory requirements, information security, and controls across our technology organization. This role supports application teams to ensure digital infrastructure and applications remain secure, resilient, and compliant with internal standards and industry regulations.
As a key contributor to the Second Line of Defense, the analyst supports IT risk assessments, identifies control gaps, and partners with teams to implement remediation actions. The position also provides support for internal and external audits, working closely with business partners to identify, assess, and manage IT-related risks.
Our technology organization is undergoing a significant transformation, offering a unique opportunity to influence the evolution of our security, compliance, and regulatory practices.
Major Responsibilities
Partner with Application Teams to implement and manage IT controls
Provide security and control consulting to application teams
Support internal audit and third-party audit activities
Assist Credit Internal Controls with IT-related controls and deficiency remediation
Manage audit findings and comments, including development and sustainability of Control Improvement Plans
Conduct reviews of IT-related audit comments
Support application teams with detailed risk assessments and threat modeling
Assist Vendor Management and Business Owners with due-diligence activities for supplier onboarding
Support Privacy and Compliance attorneys with IT-related regulatory requirements
Monitor the GCP Security Command Center to maintain visibility into cloud compliance posture
Support third-party consulting engagements
Maintain accurate JIRA user stories and backlog items
Help ensure compliance with financial industry standards
Required Skills
Strong knowledge of industry-standard IT controls and security best practices
Understanding of corporate policies (Information Security Policy, Finance Manual, Corporate Directives, etc.)
Ability to assess risks and implement effective mitigating controls
Knowledge of risk management principles including assessment, mitigation, and reporting
Strong leadership skills with a results-oriented mindset
Continuous improvement mentality for controls and processes
High level of integrity and willingness to advocate for correct actions
Strong written and verbal communication skills
Ability to draft and update security procedures as threats evolve
Excellent interpersonal, collaborative, and team-building skills
Ability to work independently and manage multiple priorities
Desired Experience
5+ years of progressive experience in information security, IT risk, compliance, or audit within a financial services or regulated environment
2+ years of IT audit experience
Proven track record in IT security and controls with a strong controls mindset
Experience in the financial services sector and familiarity with regulatory frameworks
Understanding of Large Language Models (LLMs) and opportunities to apply AI within the compliance lifecycle
Industry certifications preferred (e.g., CISA, CRISC, CISM, CISSP)
Required Qualifications
Bachelor's degree in Information Security, Computer S