IT Regulatory Analyst
32 Hartwell Ave Greater Boston Area, MA 02421
Position: IT Regulatory Analyst
Location: Greater Boston Area, MA
Type: Contract to Hire
Duration: 6 months to start - CTH
About the IT Regulatory Management Team
Our mission is to enable and support the IT organization to understand, meet, or exceed regulatory, compliance and contractual requirements throughout its audits, operations, and projects. We provide our services as part of Corporate IT, supporting the CIO, VPs, IT Directors, managers and lines of business.
DUTIES / ACTIVITIES
- Responsible for driving the culture through values and customer service standards.
- Accountable for outstanding customer service to all external and internal customers.
- Develops and maintains effective relationships through effective and timely communication.
- Takes initiative and action to respond, resolve and follow up regarding customer service issues with all customers in a timely manner.
- Support all IT audit (internal and external) engagements, with a focus on the SOX audit program
- Assist with the negotiation of audit scope
- Provide oversight and enhance the existing IT audit program throughout the year
- Create document request lists to facilitate efficient audit engagements
- Create meeting agendas to support internal & external IT audit walk-throughs
- Communicate with IT control owners and the audit representatives throughout audits
- Facilitate the collection of audit documentation from IT control owners
- Perform IT management testing (general and application controls)
- Monitor and measure IT key control performance
- Represent IT management and assist with the creation of responses & remediation plans
Information Systems (IS) Control Design and Implementation: Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives, including:
- Interview process owners and review process design documentation to gain an understanding of the business process objectives. Ensure all controls are assigned control owners to establish accountability. Analyze and document business process objectives and designs to identify required information systems controls.
- Maintain information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
- Facilitate the identification of resources (e.g., people, infrastructure, information, architecture) required to maintain and operate information systems controls
- Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.
- Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.
- Test or aid in the testing of information systems controls to verify effectiveness and efficiency prior to implementation. When needed, implement information systems controls to mitigate risk.
Information Systems (IS) Control Testing, Monitoring and Maintenance:
- Test, monitor and maintain information systems controls to ensure they function effectively
- Conduct testing to confirm continuous efficiency and effectiveness of information systems controls.
- Collect information and review documentation to identify information systems control deficiencies.
- Review information systems policies, standards and procedures to verify that they address the organization's internal and external requirements.
- Develop an in-depth knowledge of these systems concerning applications, infrastructure and operational processes to help detect any defects in compliance commitments.
- Work closely with corporate departments such as Compliance, Internal Audit, and Legal
- Act as a liaison for IT regarding testing and reporting on audit outcomes
- Work with external auditors on reviewing management testing and support their testing requirements concerning documentation and management.
- Other duties as assigned.
- Bachelor’s degree or equivalent work experience in Computer/Information Science or Business Management
- CISA, CRISC Certifications (or similar) are beneficial
EXPERIENCE AND REQUIRED SKILLS
- 4+ years of experience with IT controls, (SOX) compliance, IT risk, audit practices, or regulatory management requirements across multiple domains
- 4+ years of extensive experience with IT environments, IT control or risk assessment and remediation planning
- Working knowledge of standards, frameworks and leading practices related to information systems control design and implementation (COSO)
- Knowledge of the concept of IT control objectives (COBIT)
- Knowledge of testing methodologies and practices related to information systems control design and implementation
- Knowledge of the information systems architecture (e.g., platforms, networks, application, databases and operating systems)
- Self-starter with strong analytical skills, goal-driven and detail-oriented, who enjoys a working environment of continuous process improvement.
- Effective and cooperative team member with business communication skills, able to communicate effectively between IT and business roles. Effective oral and written communication skills.
- Excellent oral and written communication skills and able to work creatively, analytically, and independently in a problem-solving environment
- Must pass background check and drug screening