Senior IT Audit and Compliance Analyst

• Review internal cybersecurity policies and procedures annually to ensure alignment with regulatory standards.
• Maintain audit logs, control matrices, and centralized evidence repositories.
• Review authorization and assurance documents to confirm acceptable risk levels for systems and applications.
• Ensure implementation and functionality of security requirements and IT policies consistent with organizational goals.
• Prepare and manage audit evidence packages for internal and external audits.
• Evaluate the cost-effectiveness of security controls and recommend optimized risk mitigation strategies.
• Explore and implement risk transfer mechanisms such as cybersecurity insurance.
• Support third-party risk management efforts and ensure compliance with applicable regulations and policies.
• Collect, organize, and validate ITGC evidence across infrastructure and applications (e.g., Active Directory, SQL, JDE).
• Align cybersecurity risk management strategies with organizational goals and business objectives.
• Assess and prioritize cybersecurity risks across critical business systems and processes.
• Perform risk analysis when systems undergo major changes.
• Coordinate with system owners and administrators to retrieve and verify access control data.
• Build and manage remediation plans for risks identified during assessments, audits, and inspections.
• Conduct security reviews and identify gaps in security architecture, recommending mitigation strategies.
• Track audit timelines and ensure timely delivery of required documentation.
• Serve as the primary point of contact for third-party auditors and internal stakeholders.
• Provide subject matter expertise to internal risk and compliance departments.

Hillwood is seeking an experienced and strategic Senior IT Audit and Compliance Analyst to join our IT Security and Risk team in Dallas, TX. This role serves as a critical bridge between cybersecurity risk management and ITGC audit coordination, ensuring the organization maintains compliance with regulatory frameworks while proactively identifying and mitigating cyber risks. The Senior IT Audit and Compliance Analyst will lead efforts to streamline audit readiness, enhance control effectiveness, and support enterprise-wide risk initiatives. This position requires a strong understanding of IT governance, exceptional analytical and communication skills, and the ability to collaborate effectively with both technical teams and business stakeholders. As a key liaison with third-party auditors and internal leadership, the selected individual will play a vital role in safeguarding the organization’s operational integrity and regulatory posture.

• Ability to communicate business risk and mitigation strategies to stakeholders.
• Excellent organizational and communication skills, with the ability to manage multiple priorities.
• CISA, CRISC, CISSP, or CISM certifications are a plus.
• Experience with regulatory compliance and risk management frameworks (e.g., NIST CSF, ISO 27005).
• Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
• Strong analytical and problem-solving skills with the ability to interpret audit findings and develop remediation strategies.
• Ability to collaborate effectively with cross-functional teams including IT, HR, Finance, and Legal.
• Understanding of access provisioning and deprovisioning workflows.
• Knowledge of regulatory frameworks and standards (e.g., SOX, NIST RMF, ISO 27000, COBIT).
• 5+ years of experience in IT audit, cybersecurity risk management, or enterprise risk management.
• Experience working with GRC platforms (e.g., ServiceNow IRM) and enterprise systems (e.g., Active Directory, SQL, JDE).