Purpose of Job: This position is a member of a team with responsibility for ensuring that the Company’s policy and standards are followed appropriately. The IT Risk/Compliance Analyst is responsible for performing Risk, Audit and Compliance work assigned, as a member of an IT Risk/Compliance team. Job Functions/Responsibilities (List in order of importance): % of time Function 1. 15 Work with the IT Risk/Compliance Team in the execution of the IT Risk/Compliance Program by obtaining and analyzing data and information required for decisions in planning, scoping, and risk-assessing the review and /or conducting assigned testing. Apply professional standards, responsible business judgment and the compliance program methodology for the effective, timely execution of assigned tasks and team responsibilities. 2. 20 Perform compliance testing for IT areas of Sarbanes-Oxley. 3. 20 Perform Compliance activities including access recertification and process documentation. 4. 20 Participate in Risk Control Self-Assessment (RCSA) activities. 5. 15 Perform audit engagements, following steps outlined in detailed audit programs, including identifying and assessing risks, and document findings in work papers as a member of a Compliance team. 6. 5 Draft audit findings for inclusion in audit reports, perform subsequent follow-up procedures against Exception Requests and Gaps to ensure proper closure and resolution. 7. 5 Participate in the development of compliance audit procedures, supporting tools and reports to evaluate risks and controls. Typical Minimum Education: Undergraduate degree in Computer Science, MIS, Business Management, or other relevant field. Documented training or education in the areas that include Risk Management, IT Audit and SOx. CISA/CRISC/CISM/CISSP certification preferred. Typical Minimum Experience: Years: 1 Year Describe: The candidate should have direct experience with performing Risk Control Self-Assessments and Sox testing activities. The candidate should also be familiar with IT General Controls including Security, Operations, SDLC and Change Management. Typical Minimum Knowledge and Skills Familiarity of IT Risk Management and Assessment. Familiarity of auditing standards (IIA and ISACA) and the COBIT framework. Knowledge of Information Security and Audit principles and Best Practices, including ISO 27001. Familiarity with computer system platforms, terminology, and technology. Strong analytical skills. Ability to quickly learn and apply new technical concepts to IT or operational audits. Ability to work independently or within a team. Prioritization skills. Must have the ability to multi-task on multiple assessments, projects and initiatives.