Audit/Compliance Analyst: IV (Lead)

The Judge Group
The Judge Group

IT, Compliance / Regulatory

Remote

Posted on Jul 15, 2026

Role Overview

The Audit and Compliance Lead IV is responsible for supporting the governance, execution, enhancement, and documentation maturity of the Technology Risk and Control Self-Assessment (RCSA) program. This role partners closely with Technology teams and First Line of Defense stakeholders to facilitate RCSA workshops, evaluate risks and controls against established standards, identify documentation and control deficiencies, and drive remediation efforts through successful completion.

The individual will play a key role in strengthening the quality and effectiveness of the technology control environment by enhancing control descriptions, assessing control test scripts for alignment with intended control objectives, recommending testing improvements, and maintaining Risk and Control Matrix (RCM) inventories. Additional responsibilities include supporting process mapping, control documentation updates, and change management activities to ensure ongoing compliance with governance and risk management requirements.

This position requires a strong understanding of technology risk management practices and adherence to risk governance standards, including RCSA quality assurance, control testing oversight, evidence-based challenge, stakeholder engagement, and disciplined governance processes.


Key Responsibilities

  • Facilitate Technology RCSA workshops and risk assessment activities with control owners, process owners, Technology SMEs, and First Line of Defense partners.
  • Assess risks, controls, and supporting documentation against enterprise standards and regulatory requirements.
  • Identify documentation, control design, and operational effectiveness gaps and drive corrective actions to closure.
  • Review and enhance control language to improve clarity, consistency, testability, and audit readiness.
  • Evaluate control testing scripts and recommend updates to ensure alignment with control objectives and risk requirements.
  • Maintain and update Risk and Control Matrix (RCM) inventories, control libraries, and related governance artifacts.
  • Support process mapping, control documentation updates, and implementation of change management activities.
  • Provide constructive challenge and oversight to ensure risks and controls are appropriately documented and managed.
  • Collaborate with stakeholders across Technology, Risk, Compliance, Audit, and First Line of Defense teams to strengthen risk management practices.
  • Track, manage, and report on remediation activities, deliverables, and program milestones.

Required Experience

  • 8+ years of experience in Technology Risk Management, IT Controls, Operational Risk, Risk Governance, Internal Audit, Control Testing, RCSA execution, or related risk disciplines.
  • Proven experience facilitating risk assessments, workshops, walkthroughs, and control reviews with Technology and business stakeholders.
  • Strong background in evaluating risk and control documentation and identifying gaps against established standards and frameworks.
  • Experience drafting, reviewing, and enhancing control descriptions and supporting documentation.
  • Demonstrated ability to assess control testing procedures and recommend improvements to testing methodologies.
  • Working knowledge of RCM management, process mapping, control frameworks, risk taxonomies, and change management practices.
  • Experience across one or more technology control domains, including:
    • Identity and Access Management (IAM)
    • Change and Release Management
    • Cybersecurity and Information Security
    • Infrastructure and Cloud Operations
    • Application Controls
    • Data Protection and Privacy
    • IT Operations
    • Third-Party Technology Risk Management

Required Qualifications

  • Deep understanding of RCSA methodology, risk and control frameworks, control design and effectiveness, issue management, and remediation processes.
  • Strong ability to facilitate structured workshops and drive cross-functional teams toward resolution of identified issues.
  • Excellent documentation and technical writing skills, with the ability to create clear, concise, and auditable control language.
  • Ability to identify and assess gaps between current-state processes and established governance requirements.
  • Strong analytical, problem-solving, and critical-thinking skills with exceptional attention to detail.
  • Ability to translate complex technical processes into meaningful risk and control narratives.
  • Strong stakeholder management, communication, and influencing skills.
  • Proven ability to collaborate effectively with Technology SMEs, Risk partners, and First Line of Defense teams.
  • Ability to manage multiple priorities and deliver high-quality results within established timelines.

Preferred Certifications

One or more of the following certifications are preferred:

  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Internal Auditor (CIA)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • COBIT Certification
  • ITIL Certification
  • ISO 27001 Lead Implementer or Lead Auditor
  • Relevant Cloud Security Certifications (e.g., AWS, Azure, GCP)
By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively “Judge”) to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Apply now