Senior It Compliance Analyst

The Senior IT Compliance Analyst will report directly to the Director of Cybersecurity Operations and Deputy IT Director. They will be primarily responsible for IT risk-based assessments and audits of CWS, its affiliates, and programs by internal and external engagement teams to evaluate the strengths and weaknesses of internal IT regulatory compliance and security controls posture. This position will play a vital role within the organization by identifying and documenting risks and communicating those risks to critical business leads and stakeholders, conducting internal assessments of internal control processes to determine gaps relative to applicable industry regulatory frameworks, and providing guidance and feedback to business process and control owners of standard best-practice approaches for implementing and maintaining IT security controls.

This role will actively participate in and engage with external regulatory agency examiners throughout the audit assessment period and coordinate all audit guidance, direction, and proactive audit direction with the Director of Cybersecurity Operations and Deputy Director of IT. The position will travel as needed for onsite coordination with CWS affiliates and programs undergoing audits worldwide.

• Lead the development, documentation, and implementation of Cybersecurity framework(s) and controls
• Lead the exception, mitigation, and monitoring of risk management procedures
• Assist in the development and execution of risk-based IT audit assessment plans
• Assess internal controls of application, infrastructure, database, and software of IT environment
• Participate in strategic-level initiatives such as integrated auditing, data analytics, and consultative guidance
• Identify and educate the team on current and emerging IT risks and updated IT audit practices and standards
• Facilitate and coordinate physical onsite and virtual IT audit assessments
• Review audit material for completeness, accuracy, and timeliness
• Provide feedback on audit requests, documentation, and evidence
• Liaise to audit agencies, CWS affiliates, and business units
• Assist in researching, developing, and executing IT Security audit assessment programs
• Establish audit best practices, including continuous monitoring and risk-based controls.
• Gather and document functional and technical requirements through interviews and workflow analysis.
• Convey technical information to both technical and non-technical audiences.
• Summarize and communicate audit findings and recommendations.
• Maintain an inventory of critical applications and systems as per compliance guidelines.
• Create secure repositories for audit assessments and control evidence.
• Manage external audits, including evidence collection and staff response reviews.
• Audit IT security configurations and document hardening recommendations.
• Analyze and provide input on Cybersecurity policies and controls.
• Assist in developing Cybersecurity frameworks and risk assessments.
• Collaborate with internal teams to address security policies and document risks.
• Work with business and technical areas to document security control requirements.
• Monitor and update system security controls in line with compliance guidelines.
Perform additional tasks as assigned by management.

• Bachelor’s degree in IT, business, accounting, or a related field
• 5 or more years of experience in IT Audit with expert knowledge of international and government agency compliance frameworks (RMF, NIST, ISO, MITRE, FBI CJIS Security Policy, FedRAMP, HIPAA, GDPR, etc.)
• CISA or CISSP Certified Required
• Big four public accounting firm IT audit experience is desired
• Excellent competency in IT Security policies, controls, and best practices
• Excellent competency in IT Auditing explicitly related to security controls
• Excellent math and logic skills required for calculating and quantifying risks and impacts
• Excellent technical writing skills
• Ability to research technical security material and translate it into viable recommendations
• Strong background in IT architecture and operations
• Ability to manage and track multiple priorities and related details
• Highly organized, disciplined thinker and effective time manager
• Drive and focus to complete projects and tasks
• Strong interpersonal and communication skills
• Self-directed in setting appropriate priorities and executing assigned deliverables on time
• Ability to interact with others in a professional and responsive manner
• Attentiveness to detail and accuracy
• Ability to communicate potential issues effectively and timely
• Willingness to achieve certifications in specific technologies as needed
• International travel will be required in this role

• This position is a role with in-person responsibilities with the option for remote work flexibility. Employees wishing to maintain a remote work arrangement must be able to fulfil the following conditions:
• Ability to report to designated duty station as needed
• Ability to maintain secure and appropriate personal work environment for day-to-day work
• Access to strong and reliable internet access
• Ability to adhere to CWS data security policies and protect sensitive and personally identifiable information
• Regular work hours must span core business hours 8-5PM Eastern time
• Close proximity to U.S. airport and ability to travel to attend CWS and external meetings, conferences and other in-person engagements
• Must use CWS provided laptop and cell phone