Senior IT Compliance Analyst

At ITT, we have a clear purpose as an organization – to provide our customers with cutting-edge solutions to help solve their most critical needs across key global end markets. Our continuous improvement mindset drives our commitment to evolving our capabilities as a multi-industrial technology, manufacturing and engineering leader. With a strong global footprint of more than 100 facilities, we are well positioned to solve critical challenges for our customers around the world. Our locations include manufacturing facilities and global service capabilities in 35 countries. Through these worldwide operations and building on our heritage of innovation, our approximately ~11,000 team members partner with our customers to deliver enduring solutions that make a lasting difference and help the world move forward. ITT is headquartered in Stamford, CT, with sales in approximately 125 countries. The company generated 2024 revenues of $3.6 billion. 

• Motion Technologies: (Revenue of $1.4B; headcount of ~ 4,000; operates in 13 countries) manufactures brake components and specialized sealing solutions, shock absorbers and damping technologies primarily for the global automotive, truck and trailer, public bus and rail transportation markets. 
• Industrial Process: (Revenue of $1.4B; headcount of ~3,400; operates in 30 countries) manufactures engineered fluid process equipment serving a diversified mix of customers in global industries such as chemical, energy, mining, and other industrial process markets and is a provider of plant optimization and efficiency solutions and aftermarket services and parts. 
• Connect and Control Technologies: (Revenue of $0.8B; headcount of ~ 3,800; operates in 10 countries) manufactures harsh-environment connector solutions, critical energy absorption, flow control components, and composite materials for the aerospace and defense, general industrial, medical, and energy markets.

This role focuses on ensuring the Information Technology's function is compliant with various compliance frameworks such as Sarbanes-Oxley (SOX), ISO27001, NIST , NIS2 and similar regulatory frameworks by assessing, auditing and monitoring IT systems, processes and controls to ensure they adhere to the relevant frameworks.

The position requires close collaboration with internal IT teams, external and internal auditors, IT leadership, and multiple departments globally to:

• Lead compliance assessments
• Identify gaps, potential compensating controls / mitigations
• Provide clarity on compliance status
• Define action plans to remediate gaps or enhance compliance posture
• Act as a project manager to own, lead and facilitate remediation / improvement efforts.

For a person to be successful in this role, they will need to be highly driven ("high motor"), able to balance multiple  active priorities, detail oriented, planful, comfortable in searching out and addressing ambiguity, able to consistently deliver results to achieve intended business outcomes, persists with a naturally curious and highly accountable mindset, and approaches situations in a thoughtful and process-oriented manner. 

This role comes with an enormous opportunity to gain experience professionally, functionally, technically, and personally in an efficient and collaborative team atmosphere with global reach.

• Work closely across a developed network of relationships that span functions, Value Centers, geographies and third- party partners.
• Work and follow up with designated control owners to have control evidence collected in a timely fashion.
• Facilitate communication and alignment among the auditors and the control owners.
• Act as single point of contact to manage audit escalations.
• Prepare reports/trackers to help the control owners plan for the evidence extraction and submission to the auditors.
• Conduct audits and assessments of IT systems and processes against compliance frameworks.
• Prepare documentation and evidence for internal and external audits.
• Collaborate with IT leadership and stakeholders to address compliance gaps.
• Work with the control owners to develop and implement remediation plans for identified control gaps and or deficiencies. Drive the implementation of risk-mitigation/corrective actions as appropriate.
• Evaluate and test internal controls, conduct risk assessments and gap analyses, collaborate with the ITT control owners and the auditors to address compliance issues.
• Maintain knowledge of evolving compliance requirements and update processes accordingly.
• Support the walkthroughs and assessments, including tests of design and tests of effectiveness.
• Create and maintain detailed documentation of IT control processes, narratives, risk and control matrices.
• Define and implement repeatable practices and processes based on identified risks and/or result from internal control testing.
• Collaborate with internal and external auditors to support audit activities and provide necessary documentation.
• Participate in projects, as a functional lead, when executing the integration of business units into SOX compliance.
• Act as primary administrator of the internal compliance tools to support the audit process and maintain the evidence inventory for future reference.
• Prepare and present reports on IT compliance status, findings, remediation actions and recommendations to senior management. Enhance/create Power-BI reports and present detailed status reports
• Expand the assessment of ITT's internal systems for all compliance frameworks, as requested.
• Assist with other compliance efforts, as requested.
• Develop and update internal controls documentation and LMS training modules, keeping them current.

Train IT and non-IT stakeholders on IT compliance requirements and best practices.

• Bachelor's degree in fields such as Information Technology, Computer Science, Accounting, or Finance.
• 4-5 years' experience in IT audit, compliance, or risk management roles.
• Strong understanding of SOX regulations, risk management, and internal IT controls.
• Experience with IT internal controls testing is a mandatory requirement.
• Proficiency in administering and using audit and compliance software tools.
• Experience with SOC and ISO27001 Information Security frameworks is a plus.
• Experience with vulnerability management processes is a plus.

Certifications such as Certified Information Systems Auditor (CISA), Certified Sarbanes-Oxley Expert (CSOE), or Certified Internal Auditor (CIA) are a plus.

• Strong knowledge of the SOX compliance framework and IT General Computer Controls.

• Strong analytical skills: ability to analyze complex data, identify risks, and develop solutions to mitigate/address risks as appropriate.

• Able to work in ambiguous contexts: works following a detail-oriented approach and has demonstrated ability define clear action items and ownership to address/resolve the situation at hand.

• Excellent oral and written communication skills. Strong documentation skills.

• Excellent problem-solving skills.

• Strong understanding of the organization's goals and objectives.

• Solid relationship management skills.

• Excellent interpersonal skills, with a focus on listening and questioning skills.

• Ability to absorb and retain information quickly.

• Strong and natural attitude to be detail oriented.

• Ability to work independently and effectively prioritize and execute tasks in a high-pressure environment.

• Ability to stay updated on changes in SOX regulations and best practices.

• Experience with working as part of a global team and able to accommodate flexible working hours to support US-based stakeholders as required.