IT Risk & Compliance Analyst

Job Title: IT Risk & Compliance Analyst
Job Location: Tampa, FL 33607
Job Duration: 6 Months+ Contract (Possible extension)
 
Schedule: 4 days on-site, 1 day remote (Midtown)
Hours: 8:00 AM – 5:00 PM
Education: Bachelor’s degree is required.
 
Note: We are open to considering a more junior candidate with 1–2 years of IT Compliance, IT Audit, or Cybersecurity experience; however, compensation will be adjusted accordingly.
 
Required Skills & Experience:

• 3+ years of experience in IT Security, IT Audit, or related controls-focused roles.
• Strong ability to identify control gaps, develop remediation plans, and drive remediation efforts to completion.
• Experience with SOX compliance.
• Background in assurance functions such as Audit/IT Compliance, compliance assessments, IT governance, or GRC tools.

• CISA or CRISC certifications.
• Experience with PCI controls and the NIST Cybersecurity Framework.
• Familiarity with tools and platforms such as SAP, ServiceNow, AuditBoard, Splunk, Tenable, CyberArk.
• Experience performing risk assessments and vulnerability assessments.

• Coordinate the implementation of SOX controls across in-Product systems and processes, facilitating discussions among stakeholders, validating evidence, and ensuring timely completion of remediation activities.
• Ensure IT department adherence to regulatory and contractual compliance requirements, including SOX and PCI.
• Collect, review, and sample evidence to demonstrate compliance; escalate non-compliance issues to senior management.
• Administer IT Compliance Management Systems and GRC tools, and assist in implementing technology-based solutions that support IT risk initiatives.
• Support the collection, review, and approval of compliance evidence.
• Assist with information-sharing initiatives, including gathering metrics and managing surveys with partner utilities.
• Document non-compliance findings, recommend corrective actions, and oversee remediation through completion.
• Monitor and report risk, exceptions, and exposures to IT senior leadership.
• Conduct fact-based assessments of new and existing systems and technologies, evaluate the effectiveness of compliance controls, and provide subject-matter expertise to internal stakeholders.