Analyst IT Compliance & Controls
Role details
Job location
Tech stack
Job description
The IT Compliance & Controls Analyst supports the organization's IT compliance and control environment through IT General Controls (ITGC) testing, audit support, control monitoring, remediation, and compliance initiatives. Reporting to the Manager, IT Compliance, Controls & Oversight. This role partners with IT, business stakeholders, and auditors to ensure compliance with regulatory requirements, organizational policies, and industry standards. Depending on level, the analyst performs hands-on compliance activities, identifies and remediates control gaps, designs and enhances IT controls, leads complex audits and compliance initiatives, and provides guidance to strengthen the organization's overall control environment.
Tasks and Responsibilities
- Assist with execution of IT compliance activities and routine ITGC testing.
- Support evidence gathering for internal and external audits.
- Help track remediation activities and follow up with IT teams.
- Participate in quality assurance reviews under guidance from senior analysts.
- Document processes, controls, and audit requests with accuracy.
- Learn and apply foundational compliance frameworks and IT control concepts.
- Support identification of potential control gaps and escalate findings to senior staff., Indoor work, operating a computer, manual dexterity, talking, hearing, and repetitive motion. Use of personal computing equipment, telephone, multi-functioning printer, and calculator. Ability to travel to and from meetings, training sessions or other business related events. Hybrid work model (subject to department and business needs). May require occasional travel to CPS Energy facilities, audit meetings, or regulatory events.
Physical Demands
Exerting up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Requirements
Basic understanding of IT operations and security principles. Strong attention to detail and willingness to learn compliance and audit methodologies. Effective communication and documentation skills. Ability to work collaboratively and follow established procedures. Familiarity with IT controls or audit concepts is a plus., * Internship or project experience in IT, cybersecurity, or audit.
- Exposure to frameworks such as SOX, NERC CIP, ISO 27001, or COBIT.
- Basic understanding of risk management concepts.
- Experience with ticketing or workflow tools (e.g., ServiceNow, Jira).
- Interest in pursuing certifications such as CISA, Security+, or ITIL.
Competencies
Communicates Effectively Driving Continuous Improvement Delivering High Quality Work Demonstrating Initiative Acting as a Champion for Change Evaluating and Implementing Ideas
Minimum Education
Bachelor's degree in Information Technology, Computer Science, another field, or equivalent experience.