
Technology Risk & Compliance Analyst
Posted 6 days ago

This is a fully remote position, open to applicants in Florida.
• Identify, evaluate, and document technology risks across projects, products, and platforms within the Retail portfolio.
• Facilitate the prioritization of technology risks based on their business impact, regulatory exposure, and established risk appetite.
• Conduct risk assessments for new initiatives, which include M&A integrations and platform implementations.
• Collaborate with project managers and product teams to incorporate risk mitigation into delivery plans and milestones.
• Ensure that risk mitigation strategies are in alignment with enterprise risk appetite and portfolio priorities.
• Monitor risk exposure and track remediation activities until completion.
• Ensure compliance with internal policies and external regulatory requirements (e.g., SOX, SOC controls, data privacy standards).
• Assist in the implementation and maintenance of IT governance, risk, and compliance (GRC) frameworks.
• Evaluate and confirm that technology policies, standards, and procedures are appropriate and aligned with regulatory and business requirements.
• Suggest updates to policies and standards in response to regulatory changes, audit findings, and the evolving risk landscape.
• Maintain compliance documentation, control narratives, and evidence repositories.
• Monitor and report on adherence to policies, standards, and standard operating procedures across the portfolio.
• Support internal and external audit activities, including the collection of evidence, walkthroughs, and tracking remediation efforts.
• Collaborate with internal and external Audit to ensure successful audit outcomes, including SOX compliance, evidence validation, and timely remediation of findings.
• Assess the effectiveness of IT controls and identify gaps across applications, infrastructure, and processes.
• Work alongside control owners to enhance control design and execution.
• Drive the timely resolution of audit findings and control deficiencies.
• Partner with Vendor Management and enterprise risk teams to ensure that technology-related vendor risks are identified and managed.
• Incorporate vendor-related risks into portfolio-level risk visibility and reporting.
• Prepare and present clear, decision-ready reports for governance forums, including Steering Committees and OCIO leadership.
• Provide insights that enable leadership to assess risk exposure alongside investment, delivery progress, and business outcomes.
• Bachelor’s degree in Information Technology, Cybersecurity, Business, or a related field.
• 3–7 years of experience in IT risk, compliance, audit, or cybersecurity.
• Strong understanding of GRC frameworks (e.g., NIST, ISO 27001, COBIT).
• Familiarity with regulatory standards (SOX, SOC, GDPR, or similar).
• Experience in risk assessment, control design, and audit support.
• Ability to translate technical risk into business impact and communicate effectively at the executive level.
• Strong collaboration and stakeholder management skills across technology and business teams.
• High attention to detail and disciplined documentation practices.
• Willingness to travel up to 30%.
• Health Benefits: Medical/Rx, Dental, Vision, Life Insurance, Disability Insurance
• Financial Benefits: ESPP; 401k; Student Loan Assistance; Tuition Reimbursement
• Mental Health & Wellness: Free Mental Health & Enhanced Advocacy Services
• Beyond Benefits: Paid Time Off, Holidays, Preferred Partner Discounts, and more.