About the role:
The IT Controls Analyst will play a key role in helping establish our security team at Grocery Outlet. We are looking for an individual who can balance technical and business risk to meet goals and compliance requirements. This will include implementing the controls, policies and procedures related to user access, change management, system development life cycle (SDLC), IT infrastructure and information security of in-scope financial reporting systems. You will have an important role in branding Internal Audit services, championing IT controls and governance concepts throughout the business. The IT Controls Analyst reports to the Director of Information Security.
Day-to-day responsibilities include:
* Create, improve and enforce IT general controls (ITGC), policies and industry best practices that relate to compliance and risk governance.
* Lead efforts to create and improve existing audit policies, procedures and documentation using tools and automation, in collaboration with subject matter experts around the company, providing guidance on risk management best practices.
* Plan and lead monthly and quarterly internal, as well as annual external, security and compliance audits by preparing, interviewing, creating and analyzing audit results and writing reports.
* Maintain corrective action and improvement tracker, ensuring accuracy and completeness of information and making changes to improve usability and reporting.
* Lead business partners in tracking internal audit observations to resolution.
* Participate in system development audits to ensure controls are considered and implemented as part of the system development life cycle process.
* Evaluate if security vulnerabilities are properly identified and mitigated. Coordinate the scope and performance of these reviews with business units and external security consultants.
* Design, test, and document controls for IT compliance with PCI and other financial reporting requirements.
* Evaluate the adequacy and effectiveness of IT controls relating to compliance, change management, information security, system backup and recovery, business continuity and disaster recovery.
* Recommend changes to the audit program as needed based on changes in the environment.
* Other duties as assigned.
* Bachelor's degree or additional certification, such as Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA) or comparable is desired.
* 5+ years of related, applicable experience in information systems or cyber security auditing. Applicable experience would include a mixture of public accounting (Big 4) information systems, external auditor and IT Internal Audit function.
* Experience implementing and following security frameworks or compliance standards, such as PCI-DSS, CIS CSC, COBIT, etc.
* Strong understanding of IT, engineering processes and cloud operational environment is a plus.
* Experience with agile project management techniques is a plus.
* Highly detail-oriented, with a strong propensity for high-quality work product.
* Motivated self-starter who works well individually and in teams.
* Ability to engage and collaborate with employees to leverage controls to help the organization succeed.
* Experience writing reports, policies, standards, procedures, guidelines and implementing controls.
* Outstanding interpersonal, written and verbal communication and collaboration skills.
* Ability to discuss technical topics with technical and non-technical audiences, including senior management.
About Grocery Outlet:
Grocery Outlet (www.groceryoutlet.com) is the leading extreme value retailer in the United States, serving bargain-seeking customers since 1946. The Grocery Outlet Bargain Market brand currently includes over 300 independently operated stores in California, Nevada, Oregon, Idaho, Washington and Pennsylvania. Privately held, Grocery Outlet generates annual revenues exceeding $2 billion and employs nearly 1,000 people across the US. Headquartered in Emeryville, California, Grocery Outlet has been family operated for over 70 years and has a rich history of putting customers and employees first.