Governance, Risk, and Compliance (GRC) Analyst - SOX & Data Security FocusLocation: Clemmons, NC
Job Type: Full-time
Department: Information Security / Risk & Compliance
Reports To: Director, Global Information Security
Job Summary The GRC Analyst - SOX & Data Security Focus plays a critical role in ensuring the effectiveness of internal controls over financial reporting (ICFR) and protecting sensitive financial and regulated data. This role supports Sarbanes-Oxley (SOX) compliance, audit readiness, and risk management by partnering with Finance, IT, Internal and External auditors. The analyst administers Varonis to classify, monitor, and protect critical and sensitive data, ensuring evidence quality, least-privilege access, and reduced operational risk.
Key Responsibilities SOX Compliance & Internal Controls - Support the design, documentation, and operation of IT General Controls (ITGCs).
- Execute and evidence SOX controls related to logical access and data integrity.
- Perform control testing, track deficiencies, and manage remediation.
- Serve as liaison with Internal Audit and external auditors.
- Other duties as assigned in support of the GRC function.
Data Security, Classification & Varonis Administration - Administer Varonis to classify and protect critical and sensitive data.
- Monitor access and detect excessive privileges and control violations.
- Produce audit-ready evidence and reports from Varonis.
Identity & Access Management (SOX-Aligned) - Perform SOX user access reviews for financial systems.
- Validate provisioning, modification, and termination controls.
- Support enhancement of the Sailpoint environment to enable access management.
Qualifications & Requirements - Bachelor's degree in Accounting, Information Systems, Cybersecurity, or related field.
- 3-6 years of SOX-focused GRC or audit experience.
- Hands-on experience managing Varonis in SOX environments.
- Strong understanding of ITGCs, ICFR, and audit evidence standards.