GRC Audit and Compliance Analyst

Job Description

The Audit and Compliance Analyst is responsible for ensuring IT and business operations adhere to internal controls, regulatory standards, and corporate policies. This role supports SOX compliance, access reviews, audit coordination, and privileged account monitoring across SAP and other enterprise systems.

Key Responsibilities

 SOX Controls Monitoring (Production deployment checks)

• Conduct monthly and emergency SOX checks to validate:
  • UAT completion and approval prior to production deployment
  • Final IT approvals for code migration
  • Valid change requests and proper documentation
  • Business and IT approval workflows
• Review support messages for emergency changes and validate UAT results

 Firefighter ID (FFID) Usage Oversight

• Monitor and review Firefighter account activity across SAP systems
• Update weekly scorecards and audit repositories
• Send re-confirmation emails to business owners
• Track exception approvals and ensure compliance documentation
• Conduct Firefighter uPerform training sessions

 Audit Coordination

• Respond to adhoc audit requests including:
  • IT SOX, financial compliance, integrated audits, statutory audits
• Support internal and external audit teams with required documentation

 Access and Account Management

• Monitor default, generic, and shared accounts for compliance
• Review privileged access and critical transactions in SAP
• Validate batch job and interface processes
• Conduct annual user access reviews and remediate findings
• Ensure timely removal of terminated users and inactive accounts
• Perform SoD checks and validate dialog account validity dates

 Admin and Developer Access Control

• Restrict super user access for system and security administrators
• Monitor developer access to ensure no production deployment rights
• Track code changes in test/QA environments

 Reporting and Documentation

• Generate SM20 reports for FFID usage on sensitive transactions
• Monitor system configuration changes and login attempts
• Maintain audit repositories and compliance logs

 Operational Oversight

• Submit weekly status reports and time tracking
• Validate and update approver lists for access and change requests
• Ensure compliance with corporate password management policies
• Restrict access to critical application/data files and utilities

 Required Qualifications

• Bachelor’s degree in information systems, or related field
• 2+ years of experience in IT audit, compliance, or risk management
• Strong understanding of SOX, SAP security, and access controls
• Familiarity with Firefighter ID management and SM20 reporting
• Experience with GRC  ARM , GRC SoD analysis, and batch job monitoring
• Excellent documentation and communication skills
• Ability to manage multiple audits and compliance tasks simultaneously