IT Risk and Compliance Analyst

Paylocity is an equal opportunity employer.
Paylocity is a cloud-based software company that creates customized HR solutions for small to mid-sized organizations. Our workplace enhances communication and enables employees to connect, collaborate, and create from anywhere. Our award-winning culture ensures everyone has a voice and feels truly welcome. Join Paylocity as we shape the future of technology and the workplace!
We give our employees what they need to succeed, including great benefits and perks! We offer medical, dental, vision, life, disability, and a 401(k) match, as well as perks that support you, your family, and your finances. And if it's career development you desire, we provide that, too! At Paylocity, people matter most and have always been at the heart of our business.
When you feel like you belong, work is no longer work - it's personal. At Paylocity, we believe better employees lead to better companies. Workplaces and cultures that care will build the future, and at Paylocity, we're doing just that. Join us as we change the future and transform your career!
Position Overview
As a IT Risk & Compliance Analyst, you will assist with driving the transformation of the company's IT compliance program by supporting the execution of internal and external assessments associated with current and emerging regulations and standards including SOX, SSAE 18 (SOC), ISO27001, and HIPAA. The person in this role will work closely with individuals across the organization to understand existing IT policies, procedures and processes and provide insights related to applicable risk areas, mitigations, process improvements, and control recommendations.
Primary Responsibilities

• Assess compliance with policies, standards, and regulations through the performance of risk assessments and controls testing and provide recommendations related to non-compliance areas requiring remediation including follow-up to ensure completion.
• Support coordination of internal and external audits with IT process owners and other key stakeholders including facilitating evidence collection and other requests from audit teams related to SOX, SSAE 18 (SOC), ISO27001, and HIPAA.
• Enhance centralized compliance repository including maintaining process and controls documentation, workflows, diagrams, and training materials/manuals related to IT processes.
• Monitor existing risk and controls framework for emerging risks including evaluating applicability to the company and providing control recommendations, where applicable, to align with the company's risk tolerance level.
• Identify improvement opportunities and provide recommendations to further mature existing IT processes and controls to align with best practices including use of automation and optimization.
• Serve as a subject matter resource to assess compliance implications related to technical implementations and other IT projects and execute pre-implementation reviews.
• Assist in designing continuous controls monitoring program utilizing GRC solution, dashboards, analytics, automation, and other supporting tools.
• Prepare ongoing reports with specified metrics/key performance indicators related to compliance activities, audit results, remediation plans, and other compliance efforts and present to IT and executive management.
• Assist in educating and training individuals across the organization including control and process owners related to compliance concepts, requirements, and responsibilities and establish awareness regarding role of the overall compliance function.
• Other duties as assigned.

Education and Experience

• 2-4 years progressive experience ideally with a Public Accounting firm or Software-as-a-Service (SaaS) company in one or more of the following areas: IT Compliance, IT Audit, IT Risk Management, and IT Governance
• Bachelor's degree in Information Security, Computer Science, Information Systems, or Accounting
• Knowledge and experience with regulatory frameworks and compliance standards such as SOX, SSAE 18 (SOC), COBIT, NIST, ISO, HIPAA, etc.
• Experience with performing technical risk assessments, analyzing risk, and providing recommendations on risk mitigation strategies
• Experience working and collaborating effectively with executives, technical subject matter experts, and internal/external auditors in gathering information and demonstrating compliance with standards.
• Experience with the monitoring and evaluation of technology processes and controls including design and operating effectiveness testing and reporting on results and recommendations
• Project management and organizational skills with demonstrated ability to complete assignments timely and effectively
• Experience with creating and maintaining high quality documentation related to IT processes including flow charts and data flow diagrams preferred
• One or more of the following professional designations preferred: CISA, CISSP, CRISC, CGEIT, CISM, CPA

Paylocity is an equal opportunity employer.
Paylocity is committed to the full inclusion of all individuals. We comply with federal and state disability laws and make reasonable accommodations for applicants and employees with disabilities. To request reasonable accommodation in the job application or interview process, please contact [email protected] .
This role can be performed from any office in the US. The pay range for this position is $82,352-115,302/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. This position is eligible for an annual bonus and restricted stock unit grant based on individual performance in addition to a full range of benefits outlined here. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed. Base pay information is based on market location. Applicants should apply via www.paylocity.com/careers .