IT Risk Analyst

Summary

Join Brilliant Earth as an IT SOX Risk Analyst and play a crucial role in ensuring compliance with SOX regulations. You will lead IT General Controls development, conduct risk assessments, and manage remediation efforts. Collaborate with cross-functional teams, including IT, security, data, compliance, and internal audit. This position requires strong IT audit experience, control testing, and process documentation skills. You will also be responsible for stakeholder engagement and reporting on SOX compliance findings. The ideal candidate possesses strong project management, communication, and problem-solving abilities. Brilliant Earth offers a competitive compensation and robust benefits package.

Requirements

• 5+ years of experience in IT/Internal Audit or Risk Assurance, with a focus on SOX compliance and ITGCs
• Strong understanding of control procedures, frameworks (e.g., COSO), and risk assessment practices, with the ability to assess and manage risk within IT systems and processes
• Proven experience with IT audit, control testing, and process documentation
• Strong project management skills, with the ability to manage multiple tasks and prioritize competing demands effectively
• Excellent communication and interpersonal skills, with a demonstrated ability to build relationships and influence teams across departments
• Critical thinking and problem-solving abilities to analyze control deficiencies and propose effective remediation strategies
• Proficient in Microsoft Office suite applications, including Excel, Word, and PowerPoint

Responsibilities

• Lead the development, documentation, and implementation of IT General Controls (ITGCs) for SOX compliance, ensuring alignment with regulatory requirements
• Conduct risk assessments across the technical landscape, including the review of system implementations, data migrations, and SDLC controls
• Lead the analysis of root causes, impact assessments, and remediation efforts related to control deficiencies
• Conduct periodic reviews of Segregation of Duties (SOD) and application controls across the company’s systems
• Review, assess, and evaluate system reports for accuracy, completeness, and effectiveness
• Assist with IT audit requests and serve as a key liaison between IT and business teams during audits
• Collaborate with internal audit to design testing programs for SOX 404 assertions, ensuring that control procedures are appropriately tested and documented
• Manage the internal controls repository (Audit Board), ensuring it is up to date with control design and testing documentation
• Lead the design and implementation of controls for new systems, processes, and launches, ensuring that appropriate internal controls are in place before launch
• Work with third-party service providers to assess SOC reports and evaluate control practices for outsourced services
• Continuously seek opportunities to improve the efficiency and effectiveness of the SOX program through process optimization and automation
• Manage and lead company-wide training initiatives for process and control owners to ensure they are informed of internal controls and SOX compliance requirements
• Play a key role in the company’s annual and semiannual risk assessment processes, ensuring that emerging risks are identified and addressed in a timely manner
• Develop and present SOX compliance findings and assertions for leadership and Audit Committee meetings
• Foster collaboration with the IT, security, data, and compliance teams to ensure consistent and effective SOX documentation and monitoring
• Build strong partnerships with business and IT owners to coordinate remediation activities, develop and assist in executing remediation plans
• Coordinate annual and periodic control and system certifications
• Collaborate with internal and external auditors to streamline ITGC testing, walkthroughs, and audit procedures, driving efficiencies and minimizing business disruption

Preferred Qualifications

• Professional certifications such as CISA, CIA, CFE, or CISSP are highly preferred
• Experience working in public accounting with a PCAOB-registered firm
• Knowledge of IT project management principles and best practices
• Familiarity with ERP systems such as NetSuite, Salesforce, and Oracle, particularly with respect to SOX compliance and internal controls

Benefits

• Medical, dental, and vision insurance
• 401k match
• Open PTO Policy
• Disability and Life insurance. 100% employer-paid
• Pre-Tax Commuter Benefits
• Company-sponsored learning in leadership, professional skills, diversity & inclusion, and access to tuition reimbursement for role-specific trainings
• Employee Discounts
• Wellness Benefits. We offer access to exclusive discounts on gym memberships and more, as well as an Employee Assistance Program for 24/7 access to counseling
• Giving Back and Volunteer Opportunities