Senior IT Governance Analyst

Job Description:

The IT Governance Analyst will be responsible for contributing to the governance, risk management, and compliance functions within the Information Services organization. This role involves developing and implementing policies, procedures, and controls to ensure compliance with regulatory requirements and industry standards.

Essential job duties and responsibilities include:

• Develop risk, compliance, and assurance monitoring and measurement strategies
• Oversee and conduct technology program and project audits and communicate status and risk to business stakeholders
• Determine the operational and business risk impacts of cybersecurity lapses
• Determine if procurement activities sufficiently address supply chain risks and recommend improvements to address cybersecurity requirements
• Conduct comprehensive IT audits focused on Sarbanes-Oxley (SOX), IT General Controls (ITGC), and other frameworks
• Develop and implement independent cybersecurity audit processes for application software, networks, and systems
• Coordinate and track remediation of all gaps identified as part of the Due Diligence (DD) process
• Work with internal IT Teams and third-party vendors to track key findings from risk assessments, from discovery to remediation
• Assist in maintaining a secure enterprise environment across the AAON technical landscape; leverage specific or broad in-depth technical skillsets to achieve this outcome
• Communicate clearly, diplomatically and effectively at all levels of the organization and to audiences with varying degrees of process and technical knowledge
• Execute tasks in a high-pressure environment and multi-task | Experience working in a team-oriented, matrixed, collaborative environment while using analytical and problem-solving skills.
• Ensure alignment with organizational goals and regulatory requirements.
• Facilitate the development and implementation of corporate governance strategies.
• Identify, assess, and prioritize risks across the organization.
• Develop risk mitigation strategies and action plans.
• Monitor and report on risk management activities and outcomes.
• Ensure compliance with relevant laws, regulations, and industry standards.
• Conduct regular compliance audits and assessments.
• Develop and deliver compliance training programs for employees.
• Collaborate with IT and security teams to ensure data protection and cybersecurity measures are in place.
• Monitor and respond to security incidents and breaches.
• Maintain and update information security policies and procedures.
• Other duties as assigned.

Qualifications: Preferred but not required qualifications include

• Bachelor’s degree in Business Administration, Risk Management, Information Security, or a related field.
• Minimum of 5 years of experience in business process analysis
• Strong knowledge of regulatory requirements and industry standards (e.g., ISO 27001, GDPR, SOX).
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills.
• Professional certifications such as CISSP, CISM, CRISC, or similar are preferred.
• Demonstrate strong writing skills.

Disclaimer:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at a time with or without notice. This job description is not an exhaustive list of all functions that the employee may be required to perform, and the employee may be required to perform additional functions. The company reserves the right to revise this job description at any time. The employee must be able to perform the essential functions of the position satisfactorily. If requested, reasonable accommodations may be made to enable employees with disabilities to perform the essential functions of the job, absent undue hardship.