RouteOne - Farmington Hills, MI

posted about 1 month ago

Full-time - Mid Level
Farmington Hills, MI
Credit Intermediation and Related Activities

About the position

The Audit & Compliance Analyst at RouteOne is responsible for overseeing internal controls and ensuring the success of the Information Compliance, Audit, Risk, and Governance Program. This role focuses on protecting company information and assets, maintaining security, and ensuring compliance with internal controls. The analyst will design, develop, implement, and maintain a comprehensive information security program tailored to the company's needs, while effectively communicating with management, auditors, and customers.

Responsibilities

  • Execute and manage internal audits.
  • Collect and maintain audit evidence for annual SOC and GLBA audits.
  • Participate in audits of RouteOne's vendors and track remediation to closure.
  • Respond to audits from finance sources, leading sessions and providing evidence.
  • Design new controls and update policies to close audit findings.
  • Review reports from monitoring tools and escalate issues to the Security Team.
  • Collect data, produce reports, and analyze metrics from audits to evaluate compliance.
  • Assist in educating staff about information security and compliance risks.
  • Monitor and enforce security policies and procedures.
  • Review documentation of IT controls and business processes for compliance.
  • Manage remediation plans for vulnerabilities or compliance failures.
  • Perform gap analysis for compliance with regulatory requirements.
  • Assist in annual Risk Assessments and Business Impact Analysis reviews.
  • Participate in Business Continuity Exercises and Security Incident Response exercises.
  • Provide input for compliance and risk evaluation for proposed changes.

Requirements

  • 2+ years of professional experience in Audit, Compliance, Governance, Risk, or Information Security.
  • Bachelor's degree from an accredited university.
  • Experience in reviewing and drafting policies and procedures.
  • Knowledge of internal control standards and techniques for computer processing.
  • Solid understanding of information security, compliance, and governance principles.
  • Familiarity with compliance frameworks like PCI, GDPR, and ISO 27001.
  • Understanding of security protocols and standards such as NIST and SOC.
  • Proficient in Microsoft Office products and Atlassian tools like Confluence and Jira.

Nice-to-haves

  • Certifications through ISACA, CompTIA, SANS, GIAC or other certifying bodies.
  • Experience with Microsoft Defender.
  • Knowledge of cloud, SaaS, and shared security model responsibilities.
  • Understanding of finance source and auto dealer industries.

Benefits

  • Competitive salary range of $62K - $78.5K per year.
© 2024 Teal Labs, Inc