Lead Governance, Risk, and Compliance Analyst

Join us and make a difference in global investor protection.

Who We Are

The Public Company Accounting Oversight Board (PCAOB), a nonprofit organization established by Congress, oversees the audits of public companies and SEC-registered brokers and dealers to protect investors and to further the public interest in the preparation of independent, accurate, and informative audit reports.

Our investor protection mission is focused on modernizing audit standards, enhancing audit inspections, and strengthening enforcement of PCAOB rules and standards and other related laws and rules.

People are at the heart of our mission at the PCAOB. As we carry out that mission, we strive to uphold the highest standards in audit quality with investors' families, savings, and futures in mind.

We are hiring mission-driven professionals interested in a career with purpose, competitive benefit offerings, and work-life flexibility.

If you are interested in working with a diverse group of talented professionals to protect investors and drive audit quality and innovation while adhering to the highest standards of ethical and professional conduct, join us.

What We Offer

At the PCAOB, we offer a highly competitive compensation and benefits package with a focus on the health and financial well-being of our valued team members.

Some of the features of our comprehensive Total Rewards package include :

Compensation - We support transparency, equity, and fairness in our compensation programs and provide a reasonable estimate of the salary range, based on data-driven market analysis, for each job posting.

While it is not typical for an individual to be hired at or near the top of the range, a reasonable estimate of the salary ranges are as follows : Tampa, FL : $102,800 - $149,800.

Atlanta, GA; Fort Lauderdale, FL; Charlotte, NC; and Dallas, TX : $107,900 - $157,300. Houston, TX; Denver, CO; Chicago, IL;

and Philadelphia, PA : $113,100 - $164,800. Irvine, CA; Los Angeles, CA; Washington, DC (Headquarters); and Boston, MA : $118,200 - $172,300.

New York, NY : $128,500 - $187,300. San Francisco, CA : $133,600 - $194,800.

• Hybrid work option - Staff will be assigned to one of our offices or locations, including : Washington, DC (Headquarters);
• Irvine, CA; Los Angeles, CA; San Francisco, CA; Denver, CO; Fort Lauderdale, FL; Tampa, FL; Atlanta, GA; Chicago, IL; Boston, MA;

New York, NY; Charlotte, NC; Philadelphia, PA; Dallas, TX; and Houston, TX. Staff can choose to live and work from anywhere within the United States but will be required to commute to their assigned office or location for occasional intentional gatherings or meetings at the frequency required by their supervisor.

Travel to an assigned office or location for commuting purposes will not be considered reimbursable business travel, unless otherwise required by state law.

Business travel is reimbursable in an amount not exceeding the cost to travel from the assigned office or location, unless otherwise required by state law.

• Generous paid time off - Up to 6 weeks annually, in addition to 12 federal holidays, 2 floating holidays, and a year-end break from December 25 -31, 2024
• Highly competitive 401(k) match and savings options - Immediate vesting and contributions matched dollar for dollar, up to 7 percent of eligible compensation.

Roth in-plan conversion available.

• Comprehensive and competitive health benefit offerings - Medical, dental, and vision plans
• Supportive paid family leave benefits - Up to 16 weeks paid parental leave and up to 16 weeks paid caregiver leave
• Life insurance benefits - Basic life and AD&D insurance provided; supplemental insurance also available
• Education benefits - PCAOB staff qualify for the Public Service Loan Forgiveness (PSLF) program. We also offer student loan repayment assistance, staff college tuition assistance, and college coach program support.
• Well-being and family resources - Mental health and well-being resources, paid volunteer time, emergency child / adult dependent back-up care services, family-forming assistance, discounted gym memberships, employee assistance program (EAP), health advocate program, and more
• Commuter benefits - Tax-free employer subsidy and pretax employee deductions

Position Summary

The PCAOB has a full-time, regular position for a Lead Governance, Risk, and Compliance Analyst in the Office of Technology (OT).

This role will be the primary conduit for all OT Risk and Compliance, including : Internal Controls over Financial Reporting (ICFR), General Technology Controls, audits, and as a Risk Liaison to PCAOB's Enterprise Risk Management Office.

The position will also contribute to monitoring and maintaining a strong IT internal controls environment and strive toward continuous improvement.

Additionally, this position will assist with developing, maintaining, enhancing, and executing our GRC program including identifying, assessing, and mitigating potential cyber security risks.

Responsibilities

• In collaboration with OT leadership, ensure the OT control environment is maintained and continuously improved in accordance with compliance goals, industry standards, and legislative updates and mandates.
• Work with the PCAOB Finance ICFR team to design and implement a risk-based approach for controls and testing strategies for the OT environment to support compliance objectives.
• Integrate controls into existing OT department processes, perform assessments of OT projects and initiatives as they relate to compliance issues, and deliver risk and control profiles for integration into systems development and operational lifecycles.
• Leverage expert IT audit knowledge to assess relevance of gaps in current processes / controls and potential exposures / impact to the organization overall.
• Provide recommendations on the design of internal control activities, optimizing and updating key controls, controls testing, and ensuring control documentation reflects a high level of quality.
• Provide recommendations to develop, enhance, and operationalize enterprise-level cybersecurity policies, processes, and controls to mitigate risk.
• Coordinate on maturing our cyber risk governance framework and processes.
• In collaboration with leadership, operationalize cyber risk governance to ensure seamless integration into daily operations and decision-making processes.
• Support the adoption of our cyber risk management standards.
• Develop and implement performance metrics to measure the effectiveness of cyber risk governance activities.
• Support the execution of internal controls within the OT organization.
• Provide oversight and guidance to process owners to maintain the required documentation and necessary artifacts to document the operational effectiveness of the control structure.
• Provide oversight and guidance on remediation strategies and activities.
• Conduct comprehensive cyber risk assessments of information systems, applications, third parties, and processes to identify potential vulnerabilities, threats, and impacts.
• Analyze and prioritize cyber risks based on their potential impact on the organization's operations, data, and reputation.
• Conduct management testing of OT general controls and application controls, providing results and mitigation or remediation strategies to process owners and OT management.
• Administer the governance, risk, and compliance tool in terms of user administration, workflows, and reports and provide recommendations to the CISO.
• Keep abreast of industry trends, regulatory developments, and emerging technologies to recommend improvements to our cyber risk governance capabilities.
• Support the creation of a cyber risk register and cyber risk reports to facilitate risk reduction.
• Collaborate with cross-functional governance teams / risk management owners to ensure mitigation implementation strategies are appropriately established and accountability holders are held responsible.
• Communicate cybersecurity policy changes, maintain an accurate listing of cyber risk owners, and incorporate best practices into our portfolio of projects.
• Draft high quality concise and accurate project summaries or communication materials including formal memos.
• Special projects and other duties as required. Collaborate with OERM in the development and maintenance of Business Continuity Planning and risk reporting.
• Act as central point of contact and investigative support for reporting risk events to OERM and for tracking and reporting on the mitigation of business area risk events.
• Coordinate with members of OT to report on information requested by OERM.
• Coordinate execution of the change control board (CCB).
• Facilitate change control processes, activities, and documentation creation.
• Perform the OT change reconciliation process and toolset administration.
• Monitor system changes to applications and back-end modifications to databases
• In collaboration with leadership, promote efficiencies and increase performance by providing risk management and participating in process improvement initiatives.
• Provide a compliance perspective and input to help determine current and future states of processes and implement process improvements.
• Perform risk assessments and deliver risk-mitigation strategies to process owners, project leads, and OT management.

Qualifications

Education / Technical Expertise

• Bachelor's degree in related field, such as information technology, audit, or accounting with strong IT focus and experience.
• Current certification in one or more of the following : CISSP, CISA, CISM, CRISC, CCAK, or CCSP.
• Minimum of 5+ years of relevant work experience such as IT external audit, IT internal audit, IT risk management, IT change management, and / or IT processes.
• Hands-on experience with internal controls (COSO / ICFR), cybersecurity risk, and IT compliance programs.
• Demonstrated understanding of relevant SOX legislation, ICFR mandates, and how to implement on the ground.
• Well-versed in SOX, SOC1 / 2, and ICFR testing at application, computer system, and network level.
• Must have experience with assessment and testing of IT general controls and IT control testing of applications, databases, and end user computing schedules.
• Strong background in all cyber security controls risk assessment, e.g., cloud, network, data, operating system, API, and identity management security.
• Experience initiating and / or managing programs or projects in an ambiguous environment
• The ability to balance business interests with the need for compliance standards.
• Ability to express complex technical concepts in business terms.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Strong understanding and experience in enabling GRC solutions and common control framework for data regulations.
• Ability to evaluate effectiveness of the internal cyber security control framework and recommend adjustments as business needs change.
• Ability to work both independently and collaboratively.
• Must be an extremely detailed-oriented and organized individual, with strong verbal and written communication skills.
• Must have experience in development, implementation and audit of general technology controls.
• Willingness to travel to the PCAOB's Washington, DC office or other regional offices occasionally, as required.
• Available for off business hours work, as needed.

Preferred Qualifications

• Experience with the NIST Risk Framework.
• Experience with GRC tools such as Service Now, Riskonnect, OneTrust, AuditBoard, ZenGRC, Diligent, etc.

Equal Employment Opportunity

All PCAOB employees are entitled to equal opportunity and a professional work environment, free of discrimination and harassment.

A workplace free of discrimination and harassment is fundamental to professional success and to the PCAOB's mission. The PCAOB will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law.

LI-Hybrid