IT Risk and Compliance Analyst

We are offering an opportunity for an IT Risk and Compliance Analyst in the Oil & Gas - Explor & Prod industry, located in Jurupa Valley, California. This role focuses on managing IT compliance activities, overseeing the development and maintenance of System Security Plans (SSPs), managing Plan of Action and Milestones (POAMs), and ensuring adherence to Sarbanes-Oxley Act (SOX) requirements related to IT controls.

Responsibilities:

• Lead all IT compliance activities at the site, aligning with regulatory requirements.
• Develop and maintain System Security Plans (SSPs) to document security controls and procedures for IT systems.
• Manage Plan of Action and Milestones (POAM) to address identified vulnerabilities and deficiencies in IT systems.
• Coordinate with cross-functional teams to ensure timely completion of compliance tasks and milestones.
• Manage and execute IT controls testing in accordance with SOX requirements.
• Work closely with internal and external auditors to facilitate SOX compliance audits and reviews.
• Conduct risk assessments to identify potential IT compliance risks and vulnerabilities.
• Develop and implement risk mitigation strategies and controls to address identified risks.
• Monitor and report on the effectiveness of risk mitigation efforts to senior management and stakeholders.
• Develop and update IT compliance policies, procedures, and guidelines in line with regulatory requirements and industry best practices.
• Ensure that IT and data management practices align with Controlled Unclassified Information (CUI) and Cybersecurity Maturity Model Certification (CMMC) requirements, including data encryption, access controls, and incident response procedures.
• Develop and document IT and data management processes and procedures to ensure consistency and efficiency.
• Assess risks related to IT assets and data assets, including vulnerabilities, threats, and potential impacts.
• Implement risk mitigation strategies to minimize the likelihood and impact of security incidents or data breaches. • Minimum of 5 years of experience in IT Risk and Compliance within the Oil & Gas industry
• Proficiency in Compliance, DFARS, Governance Risk Compliance (eGRC), GRC, and Audit - Information Systems
• Profound knowledge and experience in SOX - Sarbanes-Oxley, NIST, NIST 800-53, and NIST Special Publication 800-53
• Certified Information Systems Auditor (CISA) certification is required
• Strong understanding of Information security management
• Certified in Risk and Information Systems Control (CRISC) certification is desirable
• Familiarity with ITIL - IT Infrastructure Library and ITIL Processes
• Experience in Cybersecurity compliance is needed
• Must have a DoD Security Clearance or Government Security Clearance
• Comprehensive knowledge in System Security and Compliance Risk
• Must have the ability to work efficiently in a fast-paced environment
• Strong written and verbal communication skills
• Demonstrated ability to manage multiple tasks and deadlines
• Proven problem-solving abilities and attention to detail
• Bachelor's degree in Computer Science, Information Systems, or a related field.