
Governance, Risk and Compliance Analyst
Posted 57 min ago

Posted 57 min ago
This is a fully remote position, open to applicants in India.
• Develop, lead, and enhance the IT Governance, Risk, and Compliance program.
• Design the new Sarbanes-Oxley (SOX) IT controls framework.
• Initiate and oversee the company's annual internal IT audit program.
• Create and implement a cohesive control framework that meets compliance requirements while being practical.
• Work closely with key stakeholders such as SaaS owners, Legal, Finance, and Security Engineering.
• Direct the creation, documentation, and execution of the SOX IT RACM Program.
• Actively promote IT control maturity milestones.
• Spearhead control harmonization efforts by evaluating various frameworks.
• Set up and lead internal audits and assessments to measure control effectiveness.
• Serve as a hands-on technical GRC expert, verifying controls directly in systems.
• Facilitate GRC advisory and remediation sessions with system owners.
• Organize and lead risk identification workshops.
• Bachelor's Degree (or equivalent) in Information Technology, Computer Science, IT Audit, or a related discipline.
• 2 - 5 years of progressive experience in IT Audit, IT Risk Management, or IT GRC.
• Essential hands-on experience in establishing, implementing, and/or managing a SOX 404 IT controls program.
• Expert knowledge and practical application experience with COSO (for ICFR) and COBIT (for ITGCs).
• Strong familiarity with other frameworks such as ISO 27001, Cyber Trust Mark, CCF, NIST, and PCI-DSS is also necessary.
• Extensive experience in managing and responding to external audits, especially SOC1.
• A solid understanding of modern authentication and authorization protocols (e.g., SSO, OAuth, SAML).
• Knowledge of Identity and Access Management (IAM) concepts, including roles, privileges, permissions, and the distinction between default/built-in versus custom accounts/groups.
• Technical proficiency to navigate the configuration settings of various systems to gather evidence.
• Understanding of IT operations concepts, including batch jobs, incident management, and the utilization of ticketing systems (such as Jira) and audit trails as evidence.
• A strong inclination for and interest in learning new technologies.
• Professional certifications such as CISA, CRISC, CISM, or CGEIT are highly desirable.
• Proven capability to manage complex projects, achieve milestones, and lead cross-functional initiatives.
• Outstanding communication and presentation skills.
• Employees have the option to work remotely.
Hotel Engine
Mattel, Inc.
LOGS Legal Group
Get handpicked remote jobs straight to your inbox weekly.