Audit & Compliance Analyst
$100,000–$125,000 per year
Hybrid · Richmond, Virginia, United States or Lynchburg, Virginia, United States
Job Summary
Coordinate and administer the ServiceNow Policy and Compliance modules, ensuring accurate configuration, maintenance, and effective day-to-day operation; implement continuous monitoring, attestations, and control testing; collaborate with Information Security, Risk, Compliance, Legal, Audit, IT, and business stakeholders to support enterprise policy and compliance initiatives; automate policy lifecycle activities; develop dashboards and metrics for leadership; support audits and regulatory inquiries; maintain SOPs and documentation; operate in a distributed, virtual team; manage priorities and deliverables.
Required Qualifications
- Bachelor’s degree in Information Technology, Computer Science, or a related field preferred (In lieu of a degree, demonstrated IT or cybersecurity experience will be considered)
- Demonstrated understanding of cybersecurity risks, controls, and industry frameworks (e.g., NIST SP 800-53, NIST Cybersecurity Framework, ISO/IEC 27001)
- At least 3 years’ experience with ServiceNow GRC/IRM and ideally ServiceNow ITSM modules
- Practical experience applying governance, risk, and compliance (GRC) principles
- Familiarity with governance tools such as the Unified Control Framework (UCF) and SIG
- Strong collaboration, interpersonal, and communication skills, with the ability to work effectively across technical and non-technical stakeholders
- Understanding of project management principles and the Software Development Lifecycle (SDLC)
- Strong written and verbal communication skills with a focus on clarity, quality, and professionalism
- Demonstrated commitment to continuous improvement and process optimization
- Relevant cybersecurity or IT certifications (e.g., Security+, CISA, NIST CSF, PMP, CGRC, CISSP or CISM)
- Experience partnering with Risk, Compliance, Legal, and Internal Audit teams
- Familiarity with regulatory and assurance frameworks such as HIPAA, Sarbanes-Oxley (SOX), NY DFS, SOC 1, and SOC 2
Desired Qualifications
- Bachelor’s degree in Information Technology, Computer Science, or a related field preferred (In lieu of a degree, demonstrated IT or cybersecurity experience will be considered)
- Demonstrated understanding of cybersecurity risks, controls, and industry frameworks (e.g., NIST SP 800-53, NIST Cybersecurity Framework, ISO/IEC 27001)
- At least 3 years’ experience with ServiceNow GRC/IRM and ideally ServiceNow ITSM modules
- Practical experience applying governance, risk, and compliance (GRC) principles
- Familiarity with governance tools such as the Unified Control Framework (UCF) and SIG
- Strong collaboration, interpersonal, and communication skills, with the ability to work effectively across technical and non-technical stakeholders
- Understanding of project management principles and the Software Development Lifecycle (SDLC)
- Strong written and verbal communication skills with a focus on clarity, quality, and professionalism
- Demonstrated commitment to continuous improvement and process optimization
- Relevant cybersecurity or IT certifications (e.g., Security+, CISA, NIST CSF, PMP, CGRC, CISSP or CISM)
- Experience partnering with Risk, Compliance, Legal, and Internal Audit teams
- Familiarity with regulatory and assurance frameworks such as HIPAA, Sarbanes-Oxley (SOX), NY DFS, SOC 1, and SOC 2