Job Title: Business Analyst – IT Compliance & Risk Management
Location: Calgary, AB
Department: IS Performance
Job Summary:
We are seeking a skilled and detail-oriented Business Analyst with expertise in IT compliance, risk management, and financial reporting systems to support our Sarbanes-Oxley (SOX) IT compliance efforts. The ideal candidate will have strong technical knowledge in IT General Controls (ITGCs), SOX compliance frameworks, and risk management methodologies. You will play a pivotal role in evaluating and enhancing our IT controls, ensuring that systems and processes adhere to required compliance standards. Your ability to analyze complex IT environments, identify control gaps, and provide actionable insights will be critical to ensuring the effectiveness of our internal controls and operational processes.
Key Responsibilities:
- IT Control Evaluation & Risk Management:
  - Evaluate the effectiveness of IT General Controls (ITGCs), including access management, change management, backup & recovery, and system operations.
  - Assess financial reporting risks related to IT and implement risk mitigation strategies.
  - Conduct control testing and identify deficiencies, providing solutions for remediation.
  - Perform root cause analysis of issues and recommend corrective actions to enhance compliance.
- SOX Compliance & Audit Support:
  - Ensure IT systems and processes are compliant with Sarbanes-Oxley (SOX 404) requirements, focusing on IT control frameworks.
  - Support internal and external audits by preparing and reviewing audit documentation, evidence, and reports.
  - Review and ensure alignment with compliance frameworks such as COSO, COBIT, NIST, and ISO 27001.
  - Maintain and update documentation on SOX controls and compliance activities.
- Identity & Access Management (IAM):
  - Oversee user access reviews (UARs), role-based access control (RBAC), and privileged access management (PAM) to ensure compliance with security standards.
  - Manage IAM processes and tools such as SailPoint and Okta to ensure efficient and secure access control management.
- Data Analytics & Reporting:
  - Use tools such as Excel, Power BI, SQL, and GRC platforms (e.g., ServiceNow GRC, AuditBoard) to analyze IT control effectiveness.
  - Create and present regular reports on the status of IT compliance, audit findings, and remediation progress.
- Collaboration & Cross-Functional Coordination:
  - Work closely with IT, Finance, Security, and Internal Audit teams to ensure alignment on compliance activities.
  - Communicate audit findings and recommendations clearly to non-technical stakeholders.
- Process Improvement & Automation:
  - Identify opportunities for process improvements in SOX IT compliance procedures, particularly through automation.
  - Leverage tools like RPA (UiPath, Automation Anywhere) to streamline compliance activities and improve efficiency.
Required Skills & Qualifications:
- Technical Expertise:
  - Strong understanding of IT General Controls (ITGCs) and IT compliance frameworks (COSO, COBIT, NIST, ISO 27001).
  - Familiarity with SOX compliance requirements and financial system controls (SAP, Workday).
  - Experience with Identity & Access Management (IAM) tools (e.g., SailPoint, Okta) and methodologies.
  - Proficiency in Excel (pivot tables, VLOOKUP), SQL, and Power BI for data analysis and reporting.
  - Experience with GRC platforms like ServiceNow GRC, AuditBoard, RSA Archer, ZenGRC.
- Analytical & Problem-Solving Skills:
  - Ability to assess IT control design and effectiveness.
  - Strong critical thinking and problem-solving skills to identify and address compliance gaps.
  - Ability to perform issue remediation and recommend practical solutions.
- Communication & Collaboration:
  - Exceptional communication skills to explain complex IT compliance concepts to non-technical audiences.
  - Proven ability to collaborate with cross-functional teams, including IT, Finance, and Internal Audit.
- Project Management:
  - Experience managing SOX testing timelines, evidence collection, and remediation activities.
  - High attention to detail to ensure accuracy in audit reports and compliance documentation.
Preferred Qualifications:
- Certifications:
  - Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), or Certified in Risk and Information Systems Control (CRISC) certifications are highly desirable.
- Additional Skills:
  - Familiarity with cloud compliance frameworks (AWS, Azure, GCP).
  - Experience with automation tools for compliance (RPA tools such as UiPath or Automation Anywhere).
  - Knowledge of cybersecurity best practices and their impact on SOX compliance.
With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.