IT Compliance Testing Analyst

Post Date

Jun 03, 2025

Location

Sacramento, California

ZIP/Postal Code

95814
US
Aug 06, 2025 Insight Global

Job Type

Contract

Category

IT (DNU)

Req #

SMF-786495

Pay Rate

$38 - $48 (hourly estimate)

Job Description

Hourly Pay Rate: $42-$48
MUST SIT LOCAL TO SACRAMENTO, CA.

The incumbent is responsible for maintaining the existing IT General Controls (ITGC) testing program and shall operate to protect CEA information and technology assets and ensure CEA is in compliance with security policies, standards, and procedures. Work with IT staff to obtain the evidence required for IT audits, including reviewing and assessing Gate 1 & 2 information to assure that the actual results align with the expected results. Re-test corrected issues to ensure that deficiencies were addressed effectively and as expected. The duties for this position are primarily focused within the Business Technology Management and Client Services domain; however, work may be assigned in the other appropriate domains as needed. The compliance analyst will also act as secondary to the change manager and oversee the change management process.

The incumbent is responsible for evaluating all IT controls, policies, and processes to develop and maintain a testing program that ensures IT's ongoing compliance, and results in IT being 'Audit Ready' or able to pass an audit of IT at any point in the year.

The Compliance Analyst will work with their IT and business counterparts to obtain all evidence required for IT Audits; comparing the actual results with the expected results, identifying and assisting the Control Owner(s) to mitigate any deficiencies in IT compliance, and then re-testing as needed to ensure the deficiencies are addressed effectively. Develop and maintain all artifacts required by the ITGCs, including audit-ready evidence to demonstrate IT's implementation of associated best-practice policies, control standards, control procedures (i.e., software development life cycle (SDLC)), and other industry-authoritative sources annually and as necessary. Translate complex regulations into actionable policies and ensure that IT policies and procedures are up to date with the latest legal and regulatory standards. Continuously monitor the effectiveness of controls and ensure they are functioning as intended. Recommend updates or changes, as necessary. Collaborate with enterprise security, legal, and business units to ensure an integrated approach to compliance across the organization. Assist in responding to security incidents, ensuring they are managed in a way that complies with legal and regulatory requirements.

Investigate information security incidents and security violations, including unauthorized use or disclosure of confidential information to prevent loss or disclosure of CEA's confidential information. As directed, conduct computer forensic analysis and documentation for support of the root cause analysis and remediation of security events for the department's information assets. Present findings to upper-level staff, including management.

We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to Human Resources Request Form. The EEOC "Know Your Rights" Poster is available here.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Required Skills & Experience

3 years of IT Compliance or Security experience
  o SOC 2 Type 2 (System & Organizational Controls) certification/experience
  o Experience with external auditors as well as internal auditors
  o SOX audit experience
Experience in creating, updating, and enforcing IT compliance policies
Understanding of cybersecurity principles and best practices for protecting data and systems
Experience in conducting internal audits, identifying gaps in compliance, and working to address these gaps
Understanding how to handle data privacy, protection, and life cycle management in compliance with regulatory requirements

Nice to Have Skills & Experience

GRC (Governance, Risk, & Compliance) solution application
  o Tools such as ServiceNow for managing compliance efforts
Experience within the COBIT IT governance framework
SPRINTO GRC

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.