Key skills
SDLCServiceNowSQLBIPower BIIAMRisk ManagementChange ManagementRemote WorkPenetration Testing
About this role
Role Overview
- Conduct tests and validate IT controls (ITGC), ensuring they are designed and operating effectively;
- Assess controls in the following areas: Access Management (IAM);
- Change Management (Change Management / SDLC);
- Cybersecurity and data protection;
- IT operations and monitoring;
- Business continuity and Disaster Recovery;
- Validate audit evidence, ensuring quality, completeness and adherence to requirements;
- Support internal and external audits (SOC 2, ISO 27001, among others), including: Audit response; Organization of evidence; Support throughout the audit lifecycle;
- Execute tests of global and local QMS (Quality Management System) controls;
- Identify gaps, risks and control deficiencies, proposing action plans;
- Track and ensure execution of remediation plans;
- Collaborate with IT, security, risk and product teams to ensure compliance;
- Respond to stakeholder inquiries regarding compliance and controls;
- Support the design and improvement of controls and processes;
- Maintain dashboards, reports and compliance metrics up to date;
- Support access reviews and security policies;
- Proactively identify risks and continuous improvement opportunities.
Requirements
- 2 to 4 years of experience in: IT Compliance; IT Audit; ITGC control testing; QMS or risk management
- Strong knowledge of: ITGC (IT General Controls); Control testing (design and operational effectiveness); Evidence management and audit support
- Knowledge of frameworks and standards: SOC 2; ISO 27001; Information Security Policies (ISP)
- Experience with: Access Management (IAM); Change Management / SDLC; Cybersecurity; IT operations and monitoring
- Familiarity with testing methodologies: Walkthrough; Sample testing; Reperformance; Inspection
- Experience with GRC tools: Archer; ServiceNow GRC or similar
- Knowledge of: Vulnerability scans; Penetration testing; Security monitoring
- Proficiency in Microsoft Office (advanced Excel desirable)
- Knowledge of SQL or Power BI (pluses)
- Desired certifications: CISA (strongly preferred); CRISC; ISO 27001 Lead Auditor; Certifications related to QMS or ITGC
Tech Stack
- SDLC
- ServiceNow
- SQL
Benefits
- Remote work
- Permanent position