Job Summary:
The Technology Risk Assurance Lead Analyst is responsible for managing and overseeing IT risk and compliance programs to ensure adherence to regulatory and industry standards. This role plays a key part in ensuring compliance with Sarbanes-Oxley (SOX), Payment Card Industry (PCI) standards, regulated gaming control standards, and broader IT security audits.
This position will lead IT compliance efforts, conduct risk assessments, control evaluations, and audit readiness activities, and work closely with internal auditors, external auditors, IT teams, and business stakeholders. The role ensures the effectiveness of internal controls over financial reporting (ICFR) and drives continuous improvements in IT risk management frameworks.
The ideal candidate is a highly analytical professional with expertise in IT risk management, SOX compliance, and IT general controls (ITGCs), and possesses strong communication skills to engage cross-functional teams and provide recommendations for enhancing the organization's IT risk posture.
Key Responsibilities:
1. Internal Controls & IT Risk Management
- Lead IT SOX compliance initiatives, ensuring that IT controls align with regulatory and financial reporting requirements.
- Conduct risk assurance assessments, control design evaluations, and control effectiveness testing for IT general controls (ITGCs) and application controls to identify vulnerabilities, gaps, and areas of improvement.
- Coordinate IT SOX activities, working closely with internal auditors, external auditors, and IT teams to facilitate walkthroughs, testing, and process reviews.
- Identify, evaluate, and validate IT control deficiencies, including root cause analysis.
- Work closely with IT teams to evaluate the relevance of IT controls for system changes, new implementations, and software upgrades, while assessing their impact on the organization's security posture.
- Monitor segregation of duties (SoD) and user access controls, ensuring compliance and minimizing risk exposure.
- Support IT and business stakeholders in risk identification, mitigation, and governance efforts to ensure a strong compliance culture.
2. Documentation & Compliance Reporting
- Maintain comprehensive documentation of IT SOX controls, risk assessments, compliance findings, and remediation actions.
- Develop and distribute IT compliance reports, dashboards, and risk metrics for senior management, internal audit, and external regulators.
- Track and analyze IT compliance trends, providing insights and recommendations to enhance internal control effectiveness.
3. Training, Awareness, & Stakeholder Engagement
- Develop and deliver training programs and guidance to IT and business process owners on SOX compliance, ITGCs, and risk management practices.
- Provide support to IT teams in understanding compliance requirements, control expectations, and audit readiness strategies.
- Assist in the development of training materials, compliance best practices, and awareness campaigns to strengthen IT risk and governance programs.
4. Process Improvement & Governance
- Collaborate with IT, security, and business teams to enhance compliance processes and automate control monitoring.
- Identify opportunities to streamline IT SOX compliance efforts by leveraging automation, analytics, and risk management tools.
- Support IT governance initiatives to sustain a strong compliance culture across IT operations and ensure alignment with enterprise risk management frameworks.
Qualifications & Requirements:
Education & Experience:
- Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field.
- 5-7 years of experience in IT risk management, IT SOX compliance, IT audit, or IT security governance, preferably within a regulated industry.
- Strong knowledge of ITGCs, application controls, SOX, PCI DSS, and gaming industry compliance requirements.
- Experience coordinating IT SOX activities and working with internal and external auditors.
- Prior experience working with GRC (Governance, Risk, and Compliance) tools and familiarity with automating compliance processes.
Technical & Soft Skills:
- Deep understanding of IT control frameworks such as COBIT, NIST, ISO 27001, COSO, and PCI DSS.
- Proficiency in IT risk assessment methodologies, control testing, and audit procedures.
- Strong analytical and problem-solving skills with the ability to interpret compliance data and identify trends.
- Experience with data analytics tools (e.g. Alteryx, Power BI).
- Excellent documentation, reporting, and stakeholder communication skills.
- Ability to collaborate with cross-functional teams and effectively manage multiple compliance initiatives.
Preferred Certifications:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)