Jobs · Information Technology

IT Risk & Compliance Analyst

Watts Water Technologies · North Andover, MA · 1 wk ago
Information Technology$84k–$94k/yrFull-time

Scope of Position

The IT Risk & Compliance Analyst, as part of the Information Security organization, supports the execution of Watts' IT compliance, audit readiness, cybersecurity findings management, and risk management activities. This role coordinates audit and compliance efforts across Information Security, IT, Internal Audit, business stakeholders, and external assessors while supporting SOX IT General Controls (ITGCs), cybersecurity compliance obligations, and continuous process improvement initiatives. This position reports to the Manager, IT Risk & Compliance. This role is remote and may be based anywhere within the United States.

Primary Job Duties And Responsibilities

  • Coordinate IT compliance, audit-related activities, and cybersecurity findings management efforts across Information Security, IT, Internal Audit, business control owners, and external assessors.
  • Support SOX IT General Controls (ITGC) activities, including planning, evidence collection, documentation review, auditor inquiries, testing support, and issue resolution.
  • Administer and maintain compliance, audit, findings, and risk management information within Optro (AuditBoard) and other systems of record.
  • Track audit findings, remediation plans, risk items, action plans, and stakeholder commitments to ensure timely completion and closure.
  • Assist with compliance and risk management activities related to cybersecurity disclosures, privacy requirements, data protection regulations, and external security assessments.
  • Partner with control owners, process owners, and risk owners to clarify compliance requirements, facilitate evidence collection, and support remediation activities.
  • Monitor timelines, milestones, dependencies, and deliverables across multiple concurrent compliance and audit workstreams.
  • Prepare organized documentation, status reports, metrics, dashboards, and management reporting materials to support decision-making and audit readiness.
  • Maintain accurate records of controls, risks, findings, remediation activities, and supporting evidence.
  • Identify opportunities to improve compliance processes through workflow enhancements, reporting automation, evidence reuse, standardization, and other process improvements.
  • Assist in mapping controls, risks, findings, and supporting documentation to the NIST Cybersecurity Framework and other applicable regulatory frameworks.
  • Collaborate with cross-functional teams to promote compliance awareness, accountability, and continuous improvement across the organization.
  • Maintain confidentiality and exercise discretion when handling sensitive compliance, audit, risk, and cybersecurity information.
  • Assume responsibility for other projects and duties as assigned by the Manager, IT Risk & Compliance or Company management.

Responsibility directly tied to Watts Value: Integrity, Accountability, Continuous Improvement, and Transparency.

Travel Requirements

Approximately 10% travel for meetings, audits, training, and other business-related activities.

Required Qualifications

  • Bachelor's degree in accounting, Finance, Information Systems, Business Administration, Risk Management, Compliance, Cybersecurity, or a related field; or equivalent combination of education and relevant work experience.
  • Three to five years of experience in IT compliance, IT audit, internal audit, risk management, controls, governance, risk and compliance (GRC), or information security compliance.
  • Working knowledge of IT General Controls (ITGCs) and SOX compliance requirements.
  • Experience utilizing GRC, audit management, risk management, ticketing, or evidence management platforms such as Optro (AuditBoard), ServiceNow GRC, Archer, MetricStream, Jira, or similar solutions.
  • Demonstrated ability to coordinate activities across Information Security, IT, Internal Audit, external assessors, and business stakeholders.
  • Strong organizational skills with the ability to manage multiple priorities, deadlines, and workstreams simultaneously.
  • Strong written and verbal communication skills with the ability to present information clearly and professionally.
  • Experience documenting processes, maintaining audit evidence, and supporting compliance activities in a regulated environment.
  • Demonstrated ability to identify process improvement opportunities and contribute to increased efficiency and standardization.
  • Understanding of and adherence to applicable laws, codes, policies, regulations, and security practices and procedures.
  • Must successfully establish employment eligibility and satisfactorily complete background checks and required pre-employment testing as a condition of employment.

Preferred Qualifications

  • Direct experience administering Optro (AuditBoard), including workflows, evidence requests, testing documentation, issue management, risk tracking, dashboards, and reporting.
  • Familiarity with the NIST Cybersecurity Framework, NIST SP 800-53, ISO 27001, GDPR, U.S. privacy regulations, and SEC cybersecurity disclosure requirements.
  • Experience coordinating external cybersecurity assessments, penetration testing findings, vulnerability remediation efforts, risk reviews, or security exception processes.
  • Professional certification such as CISA, CRISC, CIA, CISSP, or active pursuit of one of these certifications.
  • Experience utilizing automation and reporting tools such as Power Automate, SQL, Python, APIs, or similar technologies.
  • Experience supporting compliance program implementations, procedural documentation development, stakeholder training, or governance initiatives.

Similar jobs

Risk and Compliance Analyst

Davis Polk & Wardwell LLPNew York, United States· 5 days ago
Legal$100k–$125k/yrapply on davispolk.wd5.myworkdayjobs.com