Senior GRC Analyst

Summary

Join Abnormal AI as a Senior GRC Analyst to lead our SOx IT compliance program. You will manage the end-to-end SOx program, coordinating with internal and external audit partners. Responsibilities include leading ITGC scoping, evidence collection, walkthroughs, testing, and issue remediation. The ideal candidate possesses strong project management, communication, and collaboration skills, with a keen attention to detail and the ability to explain complex technology to diverse audiences. You will be the main point of contact for SOx-related matters and help mature the program. This role requires proven security experience in an audit or advisory capacity and in-depth knowledge of SOX 404 requirements and IT General Controls (ITGCs).

Requirements

• 5+ years of experience in IT audit, SOx compliance, or related GRC roles
• In-depth knowledge of SOX 404 requirements and IT General Controls (ITGCs)
• Experience coordinating internal or external audits, including evidence gathering and walkthroughs
• Strong project management skills and ability to drive remediation across teams
• Excellent written and verbal communication skills, with the ability to explain audit findings and compliance needs to non-technical stakeholders

Responsibilities

• Own and lead Abnormal’s SOx IT compliance program, including annual planning, testing coordination, and reporting
• Coordinate with internal and external auditors to manage walkthroughs, evidence collection, and testing of ITGCs
• Track and drive remediation of control gaps or audit findings and ensure closure is properly documented
• Maintain up-to-date documentation for controls, narratives, and process flows
• Partner with business and technical stakeholders to improve control design and operational effectiveness
• Monitor regulatory changes and adjust control requirements and documentation as needed
• Support continuous improvement of the SOx program, through automation, metrics, and process enhancements
• Design and manage program operations to support the program goals and implement and maintain technology to support the program and its operations
• Engage in ad-hoc projects as required
• Maintain regular, clear communication with project teams, key partners, and management regarding the status of controls testing, audit progress, risk assessment progress, and progress of issues management
• Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to senior management both within Security and to our business partners

Preferred Qualifications

• Bachelor's degree or equivalent military experience
• CRISC, CISSP, CPA, CISA, PMP, CISM certification(s)
• Experience using audit tools (e.g. ServiceNow, Drata)
• Familiarity with cloud infrastructure, SaaS applications, and access control systems
• Experience in a fast-paced technology company undergoing IPO or public company compliance requirements
• 2+ years of Big 4 experience

Benefits

• Bonus
• Restricted stock units (RSUs)