Job Title

IT Infrastructure Controls Senior Analyst

Job Description Summary

: We are looking for a proactive and experienced IT Infrastructure Controls Senior Analyst to join our team. This role will be responsible for gathering, managing, and responding to infrastructure-related audit requests, identifying gaps in infrastructure controls, and addressing control deficiencies. This role works closely with cross-functional teams to ensure that infrastructure controls are aligned with compliance requirements and best practices, while also managing remediation efforts for identified control deficiencies.
The ideal candidate will have a strong background in IT infrastructure, risk management, and control frameworks, with the ability to assess, document, and remediate control gaps in a timely and effective manner. This is a key role in ensuring that our infrastructure is secure, compliant, and operates at optimal efficiency.

This role will work the second shift with working hours from approximately 2pm-10pm or  4pm-12pm PHT, with some flexibility.

Job Description

Responsibilities

Audit Request Management:

Gather and manage infrastructure-related audit requests, ensuring all necessary information is collected in a timely and efficient manner.Coordinate with internal and external auditors to provide required documentation, evidence, and reports related to IT infrastructure controls.Respond to audit inquiries related to infrastructure controls, ensuring full compliance with audit requirements.Track and document the status of audit requests, ensuring that deadlines are met and responses are accurate.

Identification of Control Gaps:

Conduct regular assessments of infrastructure controls (including network security, access management, patching, backups, and system configurations) to identify any gaps or weaknesses.Analyze audit findings, security assessments, and control reviews to identify potential deficiencies in current IT infrastructure controls.Collaborate with IT Operations teams to ensure that any gaps in infrastructure controls are clearly identified, documented, and prioritized for remediation.

Control Deficiency Management:

Lead efforts to manage and remediate identified control deficiencies, working with cross-functional teams to implement corrective actions.Develop and maintain a control deficiency management process, ensuring that deficiencies are tracked, resolved, and documented with appropriate timelines.Provide regular updates to senior management on the status of control deficiencies and remediation efforts.Collaborate with infrastructure, security, and risk management teams to ensure timely and effective resolution of deficiencies.

Compliance & Risk Management:

Ensure that infrastructure controls comply with relevant regulations, industry standards, and internal policies (e.g., SOX, NIST, ISO 27001).Assess risk related to infrastructure control deficiencies and provide recommendations for mitigating identified risks.Participate in risk assessments and vulnerability management processes to ensure infrastructure security and compliance.

Process Improvement & Optimization:

Identify opportunities to improve the efficiency and effectiveness of infrastructure control processes, ensuring that controls are proactively managed and optimized.Recommend and implement improvements in infrastructure control workflows and audit management practices to streamline operations and reduce the risk of deficiencies.Stay updated on industry trends, emerging technologies, and regulatory changes to ensure the infrastructure control framework remains current and effective.

Monitoring & Reporting:

Develop and implement processes for continuous monitoring of infrastructure controls to ensure they are maintained and operate as intended.Create and maintain reports on control effectiveness, audit readiness, and deficiency management progress.Provide regular reports and presentations to leadership on audit activities, control gaps, and remediation efforts.

Collaboration & Knowledge Sharing:

Work closely with IT infrastructure, security, compliance, and other relevant teams to ensure alignment on control requirements and remediation efforts.Provide guidance and support to internal teams on control management, audit processes, and deficiency remediation.Foster a culture of collaboration and continuous improvement, helping teams identify and implement best practices for infrastructure control management.

Required Qualifications:

Degree or equivalent work experience in computer science, information systems, or related field5+ years of experience in IT infrastructure, IT control operations, IT audit management, or related roles, with a focus on infrastructure controls and compliance.Strong understanding of infrastructure systems, including servers, databases, Active Directory, password vault tools and cloud environments (Microsoft Azure).Experience with IT control frameworks such as NIST, ISO 27001, SOX, COBIT, and other industry standards.Strong knowledge of audit processes and methodologies, particularly related to IT infrastructure and control management.Demonstrated ability to identify, document, and manage control deficiencies and remediation activities.Strong analytical skills with the ability to assess risks, identify control gaps, and develop actionable remediation plans.Excellent communication skills, with the ability to interact effectively with both technical and non-technical stakeholders.

Foreign language skills required for filling the position:

English – Intermediate written and oral competency

INCO: “Cushman & Wakefield”