Job Description
The Compliance & Risk Management (CRM) Business Analyst is a pivotal mid-level technology analyst role within the CRM Department. This position collaborates with Global Technology and various business units to integrate logical access controls into processes and procedures. The analyst manages moderately complex IT assignments and independently facilitates discussions, provides guidance to enhance the collective understanding of critical risks, control gaps, and recommends solutions. The role also supports annual SOC1, SOX, and SOC2 audit efforts.
Key Responsibilities:
• Collaborate with cross-functional teams to implement and manage user access controls using SailPoint IdentityNow or similar identity and access management platforms.
• Evaluate and monitor data governance to ensure data integrity, security, and compliance across the identify and access management platform.
• Administer user access reviews and certifications, leveraging SailPoint to streamline processes and ensure compliance with policies, procedures and control standards.
• Facilitate discussions with technology and business units to identify and mitigate risks, addressing control gaps with innovative solutions.
• Support IT audit processes, including logical access, change management, and computer operations, ensuring alignment with industry and IT security frameworks such as SEC and NIST.
Additional Job Details:
The ideal candidate should have:
• Moderate to Advanced Expertise with Data Handling/Analytics Tools:
o Proficiency in tools like Excel, for data manipulation, mapping, comparison, and joining from various tables and environments.
• Knowledge and Expertise in Identity and Access Management:
o Experience with SailPoint or similar platforms for user access provisioning/de-provisioning and access reviews.
o Understanding of the access certification process, including preparation and submission of user listings, monitoring access requests, and reviewing certification results.
• Moderate Knowledge of Information Security Practices:
o Familiarity with industry and IT security frameworks (e.g., SEC, NIST) and general technology controls.
o Understanding of IT systems integration with business applications, databases, and operating systems.
• Exposure to IT Audit, Risk, and Control Practices:
o Experience in IT auditing, knowledge of IT controls, and logical access management.
o CISA certification is a plus.
Skills:
• Strong verbal and written communication skills, attention to detail, and customer service orientation.
• Ability to work with managers and senior leaders across the organization, demonstrating strong communication and problem resolution skills.
• Capability to respond promptly to internal client requests and collaborate on developing access policies for access reviews.
• Experience in recommending IT process and control improvements.
• Ability to lead and facilitate discussions with various management levels, addressing user access inconsistencies or issues.
• Strong organizational and project management skills, essential for managing a high volume of work.
• Ability to work independently and in a team environment, managing time and assignments effectively.
• Previous experience with computer systems, applications, and databases.
• Moderate to advanced experience using Microsoft Excel
Education/Experience:
• Bachelor's degree in Business Management, Information Systems, Cybersecurity, Accounting, or a relevant field.
• 2-3 years of experience, with a preference for candidates with identify and access management platforms and data governance expertise.
We offer Medical, Dental, Vision, Basic Life, Short-Term Disability, Accident, Term Life, Whole Life, and 401k for all W2 Consultants. A benefit overview will be provided as requested.
