Position: Business Analyst, GRC
Location: Saint Paul, MN (Hybrid, 2-3 Days Onsite)
Employment: 7 Month Contract-To-Hire
Pay Range: $30-$35/Hourly
Required Skills & Experience
- Strong understanding of Controls and Audit Frameworks; experience with standard Audit Methodologies
- Attention to detail and strong documentation skills
- Strong communication skills and the ability to drive projects, as there is extensive collaboration with teams across Enterprise IT.
Nice to Have Skills & Experience
- Experience with SOX Compliance controls
- Experience with NIST audits and compliance
- Experience with GRC Controls processes
Job Description
A customer is seeking a GRC Security Analyst to support collaboration efforts with the Governance, Risk and Compliance team and Internal Audit groups managing NIST- and SOX-related activities. This role will serve as a liaison to ensure timely tracking, reporting and resolution of audit findings, assist in drafting and managing Management Action Plans (MAPs), and coordinate SOX/NIST testing and escalations with control owners.
Audit Liaison & Remediation Tracking:
- Act as the primary point of contact between the Security GRC team and Internal Audit.
- Track and monitor audit findings related to cybersecurity, IT risk, and SOX controls.
- Draft, review, and manage Management Action Plans (MAPs) in response to audit findings.
- Coordinate with control owners and stakeholders to gather evidence and updates.
SOX Testing Coordination:
- Manage the end-to-end SOX testing lifecycle for ITGCs and application controls.
- Coordinate with control owners to ensure timely completion of testing activities.
- Monitor testing progress, escalate delays or issues, and support remediation of failed controls.
- Liaise with internal and external auditors to facilitate walkthroughs, evidence collection, and issue resolution.
Stakeholder Coordination & Evidence Management:
- Facilitate communication between Internal Audit, control owners, and GRC leadership to ensure alignment on audit findings, SOX testing, and remediation expectations.
- Coordinate meetings, follow-ups, and status updates to drive timely resolution of open items.
- Assist control owners in understanding audit and SOX requirements and expectations.
- Ensure all documentation and evidence related to findings or MAPs are complete, consistent, and audit-ready.
Metrics & Reporting:
- Develop and maintain dashboards and KPIs to communicate status and progress of audit remediation and SOX testing.
- Provide regular updates to leadership on audit status and SOX compliance posture.