IT Controls Engineer
ARCHIVED
We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.
Role SummaryThe IT Controls Testing Analyst will play a key role in executing hands-on control testing across the organization, beginning with IT and extending into other functional areas such as HR and Compliance. This role is heavily execution-focused, supporting a fast-paced testing cycle with a high volume of controls and tight timelines. The analyst will work closely with control owners, audit partners, and risk stakeholders to validate control design and effectiveness, document evidence, and support audit readiness.Key ResponsibilitiesExecute hands-on control testing across multiple processes, including change management, access management, vulnerability management, backup and recovery, and other core IT control domainsPerform Risk and Control Self-Assessments (RCSA) by partnering with control owners to identify risks, document controls, and assess residual riskCollect, review, and validate evidence to assess control design and operating effectivenessDocument testing results, issues, and remediation activities within ServiceNow IRM or a comparable GRC platformTrack findings and corrective actions, ensuring timely follow-up and accurate documentationSupport internal and external audit activities by preparing control documentation, evidence, and status updatesContribute to risk reporting, dashboards, and metrics used by management and governance stakeholdersKey Requirements3–5 years of experience in IT Risk Management, IT Controls, IT Audit, or GRC, with a strong emphasis on hands?on control testingFinancial services industry experience with familiarity testing controls aligned to GLBA and FFIEC requirementsBachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related fieldStrong preference for experience using ServiceNow IRM or similar GRC platforms for control testing and issue managementWorking knowledge of GRC and IT control frameworks such as NIST CSF, ISO 27001, COBIT, FFIEC CAT, and GLBA/NYDFSLight SQL or data analysis experience to support evidence validation and updates (no heavy scripting required)Strong organizational and time-management skills with the ability to manage a high volume of testing activities under tight deadlinesClear written and verbal communication skills, with attention to accuracy and documentation quality