Senior Analyst, IT Internal Control Position Available In Fulton, Georgia
Tallo's Job Summary: The Senior Analyst, IT Internal Control position at Bluefin Payment Systems involves developing and maintaining internal controls for the IT system. Responsibilities include identifying process risks, evaluating control effectiveness, and ensuring compliance with regulatory requirements such as PCI-DSS and GDPR. The ideal candidate will have experience in IT process risk assessments, internal control design, and information security management systems audits. This role reports to the SVP, Internal Control and requires a Bachelor's degree in IT, Information Security, Accounting, or related field, along with 5+ years of experience in IT audit, internal control, or GRC.
Job Description
Senior Analyst, IT Internal Control
We are seeking a Senior Analyst, IT Internal Control to further develop and maintain the Bluefin IT system of internal controls, following internal control framework guidance, regulatory requirements, and industry best practices. The Senior Analyst, IT Internal Control will work with functional area leadership to identify and assess key process risks and evaluate internal control effectiveness. This role reports to the SVP, Internal Control. The ideal candidate will have experience in the following areas: Facilitating and conducting IT process risk assessments, testing internal control design and operational effectiveness, and identifying control gaps.
Conducting information security management systems (ISMS) reviews/audits.
Experience in the payment/data security and/or payment processing environments, familiarity with the PCI-DSS and PCI-P2PE, and a working knowledge of SOC 2 and
ISO 27001
certification. Essential Duties and Responsibilities
Include the following and other duties may be assigned:
Facilitate and review IT process risk assessments conducted by functional area leadership.
Evaluate and test IT internal controls design and operational effectiveness.
Identify, report, and monitor remediation of IT internal control gaps.
Ensure compliance with regulatory requirements (e.g., PCI-DSS, PCI-P2PE, GDPR, etc.).
Identify opportunities for process improvements to enhance IT internal controls.
Conduct internal review/audit of the information security management system (ISMS). Assist management in the identification and selection of a new GRC/IRM tool replacement, and implementation efforts.
Assume business owner duties for internally built tool, Risk and Control (RAC) Salesforce application, and/or its replacement. Includes management and monitoring of bug remediation and development projects led by Salesforce Administration team or replacement tool vendor.
Generate and/or maintain GRC tool user guides.
Perform analysis to determine proper data validation for all data elements used in projects.
Analyze existing data and database schema.
Generate process flow maps as needed for process improvement projects. Skills and Qualifications
To perform this job successfully, the individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodation may be provided to enable individuals with disabilities to perform the essential functions:
Strong knowledge of internal control frameworks (e.g., COSO, COBIT, etc.).
Knowledge and experience with security compliance frameworks (e.g., SOC 2, ISO 27001)
Experience performing IT internal audits
Strong knowledge of Microsoft Visio.
Experience / strong working knowledge of relational databases. Experience working multiple concurrent projects.
Meticulous attention to detail to ensure accuracy and completeness of documentation.
Strong interpersonal skills, including verbal and written skills.
Demonstrated ability to facilitate collaborative discussions.
Ability to work independently, take initiative, and contribute to new ideas required in a diverse, fast-paced, deadline-driven team environment.
Experience discussing and presenting ideas to technical and non-technical audiences.
Organizational and analytic skills, with strong problem-solving ability.
Experience using common business software such as Word, PowerPoint, and Excel
Computer Skills:
Advanced computer skills in Word, Excel, Outlook, and Salesforce with the ability to multi-task. The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform other related duties, as assigned by their supervisor.
Additional Qualifications:
Understanding developer logic, ability to think logically, and understanding of software limitations.
Working knowledge of user acceptance testing
Education/Experience Bachelor’s degree or equivalent (e.g., Information Technology, Information Security, Accounting, or related field).
5+ years’ experience in IT audit, internal control, GRC, or related areas. Professional certifications (e.g., CISA, CIA, CRISC, CRMA) are a plus
Knowledge of payment/data security and/or payment processing industries preferred. About Bluefin Payment Systems
Bluefin is the recognized integrated payments leader in encryption and tokenization technologies that protect payments and sensitive data. Our product suite includes solutions for contactless, face-to-face, call center, mobile, Ecommerce and unattended payments and data in the healthcare, higher education, government and nonprofit industries. The company’s 200 global partners serve 34,000 enterprise and software clients operating in 55 countries. Bluefin is a Participating Organization (PO) of the PCI Security Standards Council (SSC) and is headquartered in Atlanta, with offices in Ireland, Austria and Slovakia.
