Senior IT Controls & Compliance Analyst - Information Security (Hybrid)

$95,350 - $127,125/Yr

First American Financial - Santa Ana, CA

posted 5 months ago

Full-time - Mid Level
Santa Ana, CA
Insurance Carriers and Related Activities

About the position

The Senior IT Controls & Compliance Analyst position is a critical role within the Information Security team at First American. This role is designed to support various audit workstreams, including those for lenders, regulators, internal and external audits, as well as SOX and SOC efforts. The successful candidate will work closely with personnel across all levels of the organization, leveraging their in-depth knowledge of IT general controls and IT audit fundamentals. Strong project management skills and process analysis capabilities are essential for this position, as the analyst will be responsible for identifying control gaps, analyzing evidence, and providing actionable recommendations to enhance the control environment. In this hybrid role, the analyst will be required to work onsite in Santa Ana, CA, for two days a week. Key responsibilities include performing analyses of audit control gaps, advising management on the design and implementation of control activities, and assisting in the development and maintenance of tools and processes that streamline compliance and control activities. The analyst will also conduct readiness assessments with application teams to ensure compliance with SOC and SOX programs, develop test plans, and communicate results to stakeholders effectively. The role demands excellent customer service skills, as the analyst will maintain ongoing relationships with control owners and key stakeholders, including Information Security, IT, business lines, Internal Audit, and external third parties. Additionally, the analyst will be responsible for maintaining program documents, understanding company and IT objectives and risks, and providing ongoing education and training in Information Security. The position requires a proactive approach, as the analyst will need to perform duties outside of normal work hours based on business needs, and tasks will range from simple audit steps to complex risk assessments.

Responsibilities

  • Perform analysis of audit control gaps over processes and tools, analyze evidence, and provide recommendations to remediate findings and improve the control environment.
  • Advise management on the design and implementation of control activities that reduce risk, add value, and mature the control environment.
  • Assist in the development, maintenance, and implementation of tools and processes to streamline and automate compliance and control activities.
  • Perform readiness assessments with application teams to onboard to SOC and SOX program by creating test plans, analyzing evidence to ensure it meets control objectives, identifying gaps, and communicating results to stakeholders.
  • Provide excellent customer service in support of program activities.
  • Develop and maintain an ongoing relationship with control owners and key stakeholders including Information Security, IT, business lines, Internal Audit, and external third parties.
  • Assist with the maintenance and update of program documents.
  • Maintain an understanding of Company and IT objectives and risks.
  • Perform ongoing education and training in Information Security related areas.
  • Provide subject matter expertise related to IT General Controls and Information Security policies and standards.
  • Maintain data within the system of record which tracks issues, engagements, and metrics that get communicated throughout the organization.
  • Perform duties outside of normal work hours based on business needs.
  • Participate in brainstorming discussions and can act in an advisory capacity.

Requirements

  • Minimum 5 years relevant work experience in Information Security, IT Risk Management, IT Governance or IT Audit.
  • Bachelor's Degree or above.
  • Effectively communicate IT compliance expectations to all levels of the organization including operational personnel and executive management.
  • Gain support and consensus with multiple stakeholders and partners (internal and external).
  • Manage multiple initiatives simultaneously, with strong ability to prioritize.
  • Respond appropriately to potential audit findings including vetting and assessment of risk.
  • Customer focused in the context of balancing risk reduction with business needs.
  • High attention to detail to manage, analyze and finalize artifacts and documents.
  • Highly developed oral and written communication skills; strong presentation skills.
  • Highly flexible, adapting to changes in priorities and requirements.
  • Development and maintenance of program-related documentation (e.g., standard operating procedures).
  • Ability to quickly learn, communicate and apply technical concepts.
  • Relevant, industry recognized security certification such as CISSP, CISA, CISM.

Benefits

  • Medical insurance
  • Dental insurance
  • Vision insurance
  • 401k
  • PTO/paid sick leave
  • Employee stock purchase plan

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service