IT Risk Analyst

by | Mar 13, 2025 | Uncategorized | 0 comments

About the Role

IT Risk Analyst

Remote

Full Time

Technology

Mid Level

Brilliant Earth – IT SOX Risk Analyst 

Position Overview: 

The IT Risk Analyst will play a crucial role in ensuring Brilliant Earth’s compliance with SOX regulations, focusing on IT General Controls, key report testing, risk assessments, and remediation activities. This position requires a deep understanding of IT audit practices, control procedures, and system implementations, with a focus on strengthening internal controls and mitigating IT-related risks. The Risk Analyst will work closely with cross-functional teams, including IT, security, data, compliance, and internal audit, to support SOX 404 assertions, conduct impact analysis, and help optimize the SOX compliance program.  

Responsibilities: 

SOX Compliance & Risk Management: 

  • Lead the development, documentation, and implementation of IT General Controls (ITGCs) for SOX compliance, ensuring alignment with regulatory requirements. 
  • Conduct risk assessments across the technical landscape, including the review of system implementations, data migrations, and SDLC controls. 
  • Lead the analysis of root causes, impact assessments, and remediation efforts related to control deficiencies. 
  • Conduct periodic reviews of Segregation of Duties (SOD) and application controls across the company’s systems. 
  • Review, assess, and evaluate system reports for accuracy, completeness, and effectiveness. 

Audit & Control Design: 

  • Assist with IT audit requests and serve as a key liaison between IT and business teams during audits. 
  • Collaborate with internal audit to design testing programs for SOX 404 assertions, ensuring that control procedures are appropriately tested and documented. 
  • Manage the internal controls repository (Audit Board), ensuring it is up to date with control design and testing documentation. 
  • Lead the design and implementation of controls for new systems, processes, and launches, ensuring that appropriate internal controls are in place before launch. 
  • Work with third-party service providers to assess SOC reports and evaluate control practices for outsourced services. 

Process Improvement & Optimization: 

  • Continuously seek opportunities to improve the efficiency and effectiveness of the SOX program through process optimization and automation. 
  • Manage and lead company-wide training initiatives for process and control owners to ensure they are informed of internal controls and SOX compliance requirements. 
  • Play a key role in the company’s annual and semiannual risk assessment processes, ensuring that emerging risks are identified and addressed in a timely manner. 

Stakeholder Engagement & Reporting: 

  • Develop and present SOX compliance findings and assertions for leadership and Audit Committee meetings. 
  • Foster collaboration with the IT, security, data, and compliance teams to ensure consistent and effective SOX documentation and monitoring. 
  • Build strong partnerships with business and IT owners to coordinate remediation activities, develop and assist in executing remediation plans 
  • Coordinate annual and periodic control and system certifications 
  • Collaborate with internal and external auditors to streamline ITGC testing, walkthroughs, and audit procedures, driving efficiencies and minimizing business disruption. 

Qualifications: 

Required Experience & Skills: 

  • 5+ years of experience in IT/Internal Audit or Risk Assurance, with a focus on SOX compliance and ITGCs. 
  • Strong understanding of control procedures, frameworks (e.g., COSO), and risk assessment practices, with the ability to assess and manage risk within IT systems and processes. 
  • Proven experience with IT audit, control testing, and process documentation. 
  • Strong project management skills, with the ability to manage multiple tasks and prioritize competing demands effectively. 
  • Excellent communication and interpersonal skills, with a demonstrated ability to build relationships and influence teams across departments. 
  • Critical thinking and problem-solving abilities to analyze control deficiencies and propose effective remediation strategies. 
  • Proficient in Microsoft Office suite applications, including Excel, Word, and PowerPoint. 

Preferred Qualifications: 

  • Professional certifications such as CISA, CIA, CFE, or CISSP are highly preferred. 
  • Experience working in public accounting with a PCAOB-registered firm. 
  • Knowledge of IT project management principles and best practices. 
  • Familiarity with ERP systems such as NetSuite, Salesforce, and Oracle, particularly with respect to SOX compliance and internal controls. 

APPLY HERE

Submit a Comment

Your email address will not be published. Required fields are marked *