Job Expired

The Opportunity

The Senior Analyst, Information Technology Internal Controls role is responsible for supporting IT in managing and assuring operational effectiveness of compliance controls. The Senior Analyst provides guidance related to IT best practices, proper hygiene, and compliance requirements (e.g., SOX). New implementations as well as operational maintenance of existing business-critical applications will be examined. The role extends to any part of the business that has risk associated with information assets. The senior analyst reports directly to the Director, IT Internal Controls.

Who We Are

At Qurate Retail Group, we believe in a Third Way to Shop® – beyond transactional e-commerce or traditional brick-and-mortar stores – for customers who crave engaging shopping experiences. We’re a select group of like-minded businesses that provide customers with curated collections of unique products, made personal and relevant by the power of storytelling. We combine the best of retail, media, and social to curate experiences, conversations, and communities for millions of highly discerning shoppers. We bring joy, inspiration, and humanity to shopping.

Your Impact

  • Advise technology team on control design and best practices and ongoing maintenance of the company’s Risk and Controls Matrix
  • Execute and review testing to validate compliance policies are be followed (primarily SOX)
  • Conduct assessments/audits to confirm operational effectiveness of IT general controls and identify risk.
  • Provide risk metrics to management regarding audit performance and findings
  • Assist control owners with root cause analysis and track risk management action plan progress
  • Guide efforts to create common control framework and uniform compliance reporting standard.
  • Perform examination of security controls to determine design and operational effectiveness.
  • Plan and review, annually, the risks influencing the effectiveness of information security risk management.
  • Evaluate risk assessments conducted by the business owners and support functions to incorporate relevant risks and associated tests in assessment plans.
  • Conduct and review testing on behalf of management independent of the audit schedule for additional assurance and efficiency.
  • Prepare the communications schedule with all stakeholders — CISO, CIO, CFO, IA, etc.
  • Identify and track assessment/audit performance metrics.
  • Implement and supervise the issue tracking and resolution process.
  • Review third-party attestation and audit reports, and provide feedback to business leaders and risk owners.

What you Bring

  • Bachelors Degree or Higher in Accounting, Finance, or Related Field
  • 5+ years of broad risk, compliance or IT controls experience
  • 2+ years of audit/assessment experience with SOX (PCI,NIST CSF, HIPAA, ISO, or other cybersecurity frameworks a plus
  • Certified Information Security Auditor (CISA)
  • PMI Project Management Professional (PMP)


Job ID: R58524-EN

More Information

  • This job has expired!

Leave your thoughts