Job Description

Title: ITGC Compliance Specialist – Internal Controls Management

Location: East Coast – Remote

Duration: Full Time 

Experience

• experience in IT compliance, ITGC testing, IT audit, GRC operations, or risk and controls.
• Demonstrated experience executing control testing procedures and documenting audit-ready evidence.
• Exposure to SOX ITGC requirements or experience supporting organizations in public-company or IPO-readiness environments.
• Working familiarity with the NIST Cybersecurity Framework (CSF 2.0), including the six core functions and subcategory structure.

Technical & Framework Knowledge

• Foundational understanding of COSO, SOX, and PCAOB audit expectations, with awareness of IPE validation requirements.
• Familiarity with NIST CSF 2.0 target profiles, implementation tiers, and the crosswalk to complementary frameworks (e.g., ISO 27001, CIS Controls).
• Working knowledge of SaaS governance concepts and SOC report analysis, including CUECs and bridge letters.
• Comfortable operating in DevOps and Agile environments, with basic understanding of CI/CD pipelines, version control (e.g., GitHub), and ticketing systems (e.g., Jira).
• Exposure to identity providers (e.g., Okta, Azure AD) and cloud platforms (e.g., AWS, GCP) is a plus.

Soft Skills

• Professional assertiveness: Comfortable raising control concerns and holding firm on compliance expectations in a constructive manner.
• Clear communicator: Able to explain control requirements to technical teams and articulate technical architectures to auditors with equal confidence.
• Pragmatic and solutions-oriented: Focuses on workable outcomes and sustainable fixes rather than theoretical perfection.
• Detail-oriented: Produces thorough, well-organized documentation and evidence packages that meet audit-grade standards.

Preferred Qualifications

• Experience with GRC platforms such as AuditBoard, Drata, OneTrust, ServiceNow GRC, or similar.
• Experience supporting multiple compliance frameworks simultaneously (e.g., SOC 2, ISO 27001, PCI DSS).
• Familiarity with vulnerability management programs and remediation tracking.
• Experience with TPRM processes and vendor risk assessment workflows.

Preferred Certifications

• CISA (Certified Information Systems Auditor) — Strongly preferred
• CompTIA Security+ or CySA+
• CRISC, CCSK, or similar GRC/security certifications are a plus

NIST CSF or similar framework-specific training or credentials are valued

͏

Do

1. Bridging the gap between project and support teams through techno-functional expertise

• For a new business implementation project, drive the end to end process from business requirement management to integration & configuration and production deployment
• Check the feasibility of the new change requirements and provide optimal solution to the client with clear timelines
• Provide techno-functional solution support for all the new business implementations while building the entire system from the scratch
• Support the solutioning team from architectural design, coding, testing and implementation
• Understand the functional design as well as technical design and architecture to be implemented on the ERP system
• Customize, extend, modify, localize or integrate to the existing product by virtue of coding, testing & production
• Implement the business processes, requirements and the underlying ERP technology to translate them into ERP solutions
• Write code as per the developmental standards to decide upon the  implementation methodology
• Provide product support and maintenance to the clients for a specific ERP solution and resolve the day to day queries/ technical problems which may arise
• Create and deploy automation tools/ solutions to ensure process optimization and increase in efficiency
• Sink between technical and functional requirements of the project and provide solutioning/ advise to the client or internal teams accordingly
• Support on-site manager with the necessary details wrt any change and off-site support

͏

2. Skill upgradation and competency building

• Clear wipro exams and internal certifications from time to time to upgrade the skills
• Attend trainings, seminars to sharpen the knowledge in functional/ technical domain
• Write papers, articles, case studies and publish them on the intranet

͏

Deliver

͏