Full Job Description
The IT Compliance Senior Analyst is responsible for leading IT compliance initiatives and ensuring adherence to regulatory requirements, internal policies, and industry standards. This role supports enterprise compliance programs through audit coordination, control testing, risk assessment, policy management, and remediation tracking across IT and business environments.
As a senior team member, the analyst is expected to lead projects, mentor junior staff, and provide guidance to cross-functional teams while promoting a strong culture of compliance and accountability. The position works closely with Information Security, Internal Audit, and business leadership to identify compliance risks, strengthen controls, and support audit readiness efforts.
The ideal candidate demonstrates strong leadership, analytical, and communication skills, with the ability to manage multiple priorities in a fast-paced environment. Experience supporting frameworks and regulations such as SOX, ISO 27001, NIST, HIPAA, or GDPR is preferred.
Essential Duties and Responsibilities:
- Lead SOX ITGC and application control testing, including design and operating effectiveness assessments.
- Conduct control evaluations, compliance reviews and risk assessments.
- Perform control design analysis and recommend improvements to IT processes.
- Coordinate and lead walkthroughs with internal and external auditors.
- Manage remediation plans, validate corrective actions, and ensure timely closure.
- Develop and maintain IT compliance policies, standards, and procedures.
- Provide guidance and mentoring to junior analysts.
- Partner with IT and PMO teams to embed compliance requirements into system design, cloud environments, and operational processes.
- Evaluate new technologies and system changes for compliance impact.
- Act as a liaison between IT, business units, and leadership on compliance matters.
- Research and document security and compliance best practices for devices, applications, and emerging technologies.
- Evaluate compliance with the organization's security policies and make recommendations for areas of improvement.
- Research and document compliance best practices for systems, applications, and emerging technologies.
- Experience navigating complex organizations and developing and delivering a vision through various communication strategies and presentations to senior-level executives and technical audiences.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Knowledge, Skills and Abilities:
- Strong understanding of SOX ITGCs, application controls, and IT audit methodologies.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Ability to interpret regulatory requirements and translate them into actionable controls.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Excellent communication and stakeholder management skills.
- Ability to work independently on complex tasks while contributing to team initiatives.
- High level of integrity and commitment to protecting organizational assets.
- Ability to analyze complex security issues and communicate findings clearly to technical and non-technical audiences.
- Hands-on experience with compliance management software (AuditBoard, OneTrust, Workiva) or similar enterprise security technologies.
- Hands-on experience with ERP business processes and roles and experience with access control software (SAP GRC, Pathlock, OpenPages) or similar enterprise technologies.
- Strong understanding of risk principles, authentication concepts, logging, SDLC, backup and restore, and change management.
- Deep understanding of segregation of duty principles and application.
- Ability to communicate complex technical issues to various audiences, including leadership.
- Demonstrates a strong understanding of control assessment techniques and processes.
- Strong analytic and problem-solving skills.
- Strong oral and written communication skills, including report development and delivery.
Educational/Certification Requirement:
- Bachelor's degree in Accounting or a business-related field, or equivalent experience.
- Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent experience.
- Industry risk certification a strong plus (CPA, CISA, CRISC, or CISM).
Experience Requirement:
- Work Experience: 5-7 years of experience in IT compliance, IT audit, SOX/ITGC, or IT risk management.
- 3+ years of hands-on experience supporting SAP environments, preferably supporting SAP FI modules.
- Strong knowledge of IT controls over SAP financial systems, including access provisioning, segregation of duties, change management, batch processing, and system security.
- Demonstrated experience supporting SOX compliance by performing and coordinating audit testing, walkthroughs, and remediation activities in systems impacting financial reporting.
- Demonstrated ability to assess risks impacting financial reporting, evaluate control design and operating effectiveness, and support remediation of identified deficiencies.
- Experience collaborating with cross-functional stakeholders, including finance, IT, SAP security, internal audit, and external auditors, to maintain a strong controls environment.
- Working knowledge of SAP financial processes and underlying security/control considerations across key business areas such as general ledger, accounts payable, accounts receivable, cost accounting, and fixed assets.
- Experience with compliance documentation, audit coordination, issue tracking, and continuous improvement of IT control processes.
- Ability to operate independently, manage multiple priorities, and communicate effectively with both technical and non-technical audiences.
- Strong knowledge of:
  - Cloud security (Azure, AWS, or GCP).
  - Experience with SAP or IAM security environments.
  - Identity and access management concepts.
  - Knowledge of automation/reporting tools such as Power BI or Power Automate.
  - Security frameworks (NIST CSF, CIS Controls, ISO 27001).