Remote - Lead Audit/Compliance Analyst
Largeton Group · United States · 2 days ago
RemoteRemoteLegalContract
Key Responsibilities
- Plan, coordinate, and facilitate RCSA working sessions.
- Create agendas, discussion materials, action trackers, and follow-up documentation.
- Capture workshop outcomes, decisions, open items, owners, and target dates.
- Track action items through resolution and escalate delays or unresolved matters as appropriate.
- Promote consistency in how risks, controls, gaps, and remediation actions are documented.
- Review existing RCSA documentation against applicable standards and control documentation requirements.
- Audit existing control documentation for clarity and appropriateness.
- Identify missing, outdated, duplicative, unclear, or unsupported control documentation.
- Work with Technology and First Line of Defense stakeholders to address documentation gaps.
- Document gap assessment results, proposed remediation actions, and closure status.
- Review existing control language and propose enhancements to improve precision and auditability.
- Ensure control statements clearly describe the control activity, owner, frequency, scope, evidence, and expected outcome.
- Distinguish true control activities from process steps, procedures, standards, or general oversight activities.
- Vet proposed enhancements with First Line of Defense stakeholders and incorporate feedback.
- Support finalization of revised control language for review and approval.
- Review testing scripts against revised or proposed control articulation.
- Assess whether test steps align to the control objective, frequency, evidence, population, sampling approach, and expected result.
- Identify testing-script gaps, including unclear procedures, incomplete evidence requirements, weak sampling guidance, or unsupported conclusions.
- Recommend practical testing-script uplifts.
- Afford support for Technology control testing where warranted, including evidence review, test execution support, exception documentation, and results validation.
- Maintain the RCM inventory for assigned Technology processes and control areas.
- Ensure RCMs reflect current risks, controls, owners, frequencies, evidence requirements, testing expectations, and process linkages.
- Help update RCMs and process maps to reflect current-state processes, control points, systems, handoffs, and ownership.
- Maintain traceability between RCSA documentation, RCMs, process maps, testing scripts, issues, and change records.
- Support change management protocols for updates to control documentation, RCMs, testing scripts, and process maps.
- Cook up stakeholder review, approvals, version control, change logs, and implementation tracking.
Job Experience
- Experience facilitating workshops and/or leading walkthroughs with Technology stakeholders, control owners, process owners, risk partners, and First Line of Defense teams.
- Strong experience reviewing risk and control documentation against standards and identifying gaps.
- Experience drafting or enhancing control language to improve clarity, completeness, testability, and auditability.
- Experience reviewing testing scripts and recommending improvements.
- Familiarity with RCM inventory management, process mapping, control libraries, risk taxonomies, and change management protocols.
- Experience with Technology control domains such as access management, change management, cybersecurity, infrastructure, applications, data protection, IT operations, or third-party technology risk.
Must-Have Requirements
- Strong understanding of RCSA methodology, risk and control concepts, control design, testing, issues, and remediation.
- Experience in technology risk management, IT controls, operational risk, RCSA execution, control testing, internal audit, risk governance, or related disciplines.
- Ability to facilitate structured workshops and drive open items to resolution.
- Strong documentation skills and ability to write clear, testable control language.
- Ability to identify gaps between current-state documentation and standard requirements.
- Strong analytical skills with attention to detail.
- Ability to translate technical Technology processes into clear risk and control language.
- Strong stakeholder management and communication skills.
- Ability to work effectively with First Line of Defense teams and Technology SMEs.
- Ability to manage multiple deliverables and produce high-quality work within agreed timelines.