The IT Compliance Analyst is responsible for supporting IT governance, risk, and compliance activities that help ensure IT processes, controls, and documentation align with applicable regulatory, audit, and framework requirements. As part of the IT GRC team, this role assists with control testing, evidence gathering, audit preparation, compliance monitoring, and policy and standard reviews. The analyst partners with IT teams, internal audit, external auditors, and business stakeholders to support control effectiveness, strengthen audit readiness, and promote a culture of compliance across the IT organization.
Key Accountabilities/Deliverables:
- Support the execution of IT compliance activities as part of the IT GRC team, ensuring alignment with internal policies, standards, regulatory requirements, and control frameworks.
- Assist with IT control testing, including gathering evidence, reviewing documentation, validating control performance, and documenting results.
- Support audit readiness activities by preparing evidence, tracking audit requests, coordinating with IT control owners, and helping resolve audit findings.
- Maintain and organize compliance documentation, including policies, standards, procedures, control evidence, risk records, and audit artifacts.
- Monitor compliance tasks, deadlines, and deliverables to ensure timely completion of control reviews, assessments, and remediation activities.
- Work with IT teams to identify control gaps, documentation issues, process weaknesses, and opportunities to improve compliance practices.
- Support the tracking and reporting of compliance metrics, KPIs, audit status, control issues, and remediation progress.
- Assist with reviewing IT policies, standards, and procedures to ensure they remain current, accurate, and aligned with governance requirements.
- Coordinate with internal audit, external auditors, IT teams, and business stakeholders to support assessments, audits, and compliance reviews.
- Help identify IT compliance training and awareness needs and support the development or delivery of related materials.
- Promote a culture of compliance, accountability, and continuous improvement across the IT organization.
Technical Knowledge and Understanding:
- Bachelor's degree in Information Systems, Cybersecurity, Information Technology, Business, or a related field preferred.
- Working knowledge of IT governance, risk, and compliance concepts, including how IT controls support regulatory, audit, and business requirements.
- Familiarity with key frameworks and regulatory requirements such as SOX, NYDFS Cybersecurity Regulation, COBIT, NIST CSF, and related IT control standards.
- Understanding of IT General Controls, including access management, change management, computer operations, incident management, backup and recovery, and SDLC controls.
- Ability to support audit and compliance activities, including evidence collection, control testing, issue tracking, remediation monitoring, and audit readiness.
- Strong analytical, communication, documentation, and problem-solving skills, with the ability to work with IT teams, auditors, and business stakeholders.
- Self-driven, curious, detail-oriented, and hands-on, with a willingness to learn new processes, systems, frameworks, and compliance requirements.
- Ability to manage assigned tasks, track deliverables, meet deadlines, and support multiple compliance or audit-related initiatives.
- Experience with GRC, ticketing, collaboration, or evidence management tools such as Jira, Confluence, SharePoint, Microsoft 365, or similar platforms preferred.
- Professional certifications such as CISA, CRISC, ISO 27001 Foundation, or ISO 27001 Lead Implementer are a plus.
Experience:
- 3+ years of experience in IT compliance, audit, or risk management.
- Experience supporting compliance programs, audits, risk assessments, control reviews, or regulatory readiness activities.
- Experience assisting with IT control testing, evidence collection, documentation review, and audit request coordination.
- Experience supporting IT risk assessments, documenting control gaps, tracking remediation actions, and following up with control owners.
- Experience maintaining compliance documentation, control evidence, issue logs, remediation trackers, policies, standards, procedures, or audit artifacts.
- Prior experience supporting frameworks or regulatory requirements such as SOX, NYDFS, NIST, COBIT, or HIPAA preferred.
Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over work authorization sponsorship now or in the future for this position.
At Core Specialty, you will receive a competitive salary and opportunities for professional development and advancement. We offer medical, dental, vision, and life insurance; short- and long-term disability; a 401(k) plan with a Company match of 100% of a 6% contribution; an Employee Assistance Plan; a Health Savings Account, Flexible Spending Account, and Health Reimbursement Account; and a wellness program.