IT Infrastructure Controls Senior Analyst

Job Title

Job Description Summary

Job Description

Responsibilities

Audit Request Management:

• Gather and manage infrastructure-related audit requests, ensuring all necessary information is collected in a timely and efficient manner.
• Coordinate with internal and external auditors to provide required documentation, evidence, and reports related to IT infrastructure controls.
• Respond to audit inquiries related to infrastructure controls, ensuring full compliance with audit requirements.
• Track and document the status of audit requests, ensuring that deadlines are met and responses are accurate.

Identification of Control Gaps:

• Conduct regular assessments of infrastructure controls (including network security, access management, patching, backups, and system configurations) to identify any gaps or weaknesses.
• Analyze audit findings, security assessments, and control reviews to identify potential deficiencies in current IT infrastructure controls.
• Collaborate with IT Operations teams to ensure that any gaps in infrastructure controls are clearly identified, documented, and prioritized for remediation.

Control Deficiency Management:

• Lead efforts to manage and remediate identified control deficiencies, working with cross-functional teams to implement corrective actions.
• Develop and maintain a control deficiency management process, ensuring that deficiencies are tracked, resolved, and documented with appropriate timelines.
• Provide regular updates to senior management on the status of control deficiencies and remediation efforts.
• Collaborate with infrastructure, security, and risk management teams to ensure timely and effective resolution of deficiencies.

Compliance & Risk Management:

• Ensure that infrastructure controls comply with relevant regulations, industry standards, and internal policies (e.g., SOX, NIST, ISO 27001).
• Assess risk related to infrastructure control deficiencies and provide recommendations for mitigating identified risks.
• Participate in risk assessments and vulnerability management processes to ensure infrastructure security and compliance.

Process Improvement & Optimization:

• Identify opportunities to improve the efficiency and effectiveness of infrastructure control processes, ensuring that controls are proactively managed and optimized.
• Recommend and implement improvements in infrastructure control workflows and audit management practices to streamline operations and reduce the risk of deficiencies.
• Stay updated on industry trends, emerging technologies, and regulatory changes to ensure the infrastructure control framework remains current and effective.

Monitoring & Reporting:

• Develop and implement processes for continuous monitoring of infrastructure controls to ensure they are maintained and operate as intended.
• Create and maintain reports on control effectiveness, audit readiness, and deficiency management progress.
• Provide regular reports and presentations to leadership on audit activities, control gaps, and remediation efforts.

Collaboration & Knowledge Sharing:

• Work closely with IT infrastructure, security, compliance, and other relevant teams to ensure alignment on control requirements and remediation efforts.
• Provide guidance and support to internal teams on control management, audit processes, and deficiency remediation.
• Foster a culture of collaboration and continuous improvement, helping teams identify and implement best practices for infrastructure control management.

Required Qualifications:

• Degree or equivalent work experience in computer science, information systems, or related field
• 5+ years of experience in IT infrastructure, IT control operations, IT audit management, or related roles, with a focus on infrastructure controls and compliance.
• Strong understanding of infrastructure systems, including servers, databases, Active Directory, password vault tools and cloud environments (Microsoft Azure).
• Experience with IT control frameworks such as NIST, ISO 27001, SOX, COBIT, and other industry standards.
• Strong knowledge of audit processes and methodologies, particularly related to IT infrastructure and control management.
• Demonstrated ability to identify, document, and manage control deficiencies and remediation activities.
• Strong analytical skills with the ability to assess risks, identify control gaps, and develop actionable remediation plans.
• Excellent communication skills, with the ability to interact effectively with both technical and non-technical stakeholders.

Foreign language skills required for filling the position:

• English – Intermediate written and oral competency