
Technology Compliance Analyst

MarineMax
Full-time
On-site
Oldsmar, Florida, United States

OVERVIEW: The Technology Compliance Analyst is responsible for conducting detailed ITGC SOX audits, gathering evidence, analyzing technology risks across systems and processes, and issuing recommendations for risk mitigation. They oversee the implementation of corrective actions and ensure the effectiveness of these measures. The analyst also supports MarineMax by assessing, implementing, and maintaining technology systems to meet compliance standards. Additionally, the role involves developing thorough audit reports for all in-scope systems, ensuring compliance and governance requirements are met.


KEY RESPONSIBILITIES: 



  • Serve as a point of contact for internal and external IT-related audits and compliance assessments.

  • Assist with development and implementation of security policies, standards, procedures and audit scoping efforts.

  • Coordinate and facilitate the creation/updates to the SOX control narratives and related documentation. 

  • Work with internal and external auditors as required.

  • Review procedures and maintain audit requirements to test IT controls across a range of areas/technologies (including but not limited to: IT General Controls, application controls, system implementations, cybersecurity, privacy, database management systems, operating systems, and ERPs).

  • Perform IT control assessments/reviews and collect evidence to determine alignment with policies, standards, and regulations. These areas include user access, change management, and systems monitoring.

  • Gather, analyze and evaluate risk related data.

  • Perform research on policies, procedures, and regulations.

  • Identify control deficiencies and communicate them to management.

  • Review, document, evaluate, and test manual and automated IT controls throughout the enterprise technology environment.

  • Responsible for systems oversight and change management activities across infrastructure, servers, network, storage, and compute platforms to ensure compliance with defined requirements. 

  • Enforce IT related security policies and controls by following defined procedures and standards.

  • Adhere to defined IT Sarbanes Oxley (ITGC) and NIST controls.

  • Maintain appropriate documentation, including drawings, configurations, settings, and recovery plans.

  • Ensure an effective level of cross-training to provide coverage for team member absence.

  • Provide expert problem solving and technical judgment skills to respond to new requests and develop necessary audit documentation by working with appropriate teams. 

  • Make recommendations for improvement if the current capacity of any system proves to be inadequate.

  • Maintain relationships with related partners, vendors, and suppliers.

  • Implement automation procedures to simplify audit and support activities.

  • Adhere to Technology Team established development and support processes, team and company policies and best practices.

  • Research and evaluate current and emerging technologies and stay abreast of new technologies and solutions that will help increase productivity, innovation, and business capabilities.

  • Maintain a competitive edge through continuous self-development as a core competency and freely share relevant information for the benefit of the entire Technology Team.


KEY RESULTS: 



  • Perform thorough audits of in-scope systems and processes to ensure compliance with IT General Controls (ITGC) and Sarbanes-Oxley (SOX) requirements. Deliver detailed audit reports that identify key risks, gaps, and non-compliance areas, along with recommendations for corrective actions.

  • Conduct risk assessments across various technology systems, identifying potential security, operational, and compliance risks. Develop and implement effective mitigation plans to address identified risks, ensuring that the company’s technology environment remains compliant with industry standards and regulatory requirements.

  • Maintain and monitor compliance policies, ensuring continuous alignment with regulatory requirements.


KEY SKILLS: 



  • Bachelor’s degree in Computer Science, MIS, engineering, or related program, or directly related experience and certification beyond minimums will be considered.

  • Minimum 3 years of directly related experience in enterprise environment required.

  • SOX, PCI, NIST CSF, COBIT, CIA / CISA experience required, and certification is preferred.

  • Knowledge of common IT solutions from leading technology providers.

  • Experience in support and maintenance of Windows Server, Linux Server, ERP technologies is required.

  • Extremely strong analytical and problem-solving skills.

  • Detail-oriented, with strong documentation and organization skills.

  • Excellent communication skills for sharing technical details with team members, project teams, and stakeholders, and for producing ideas, solutions, and materials for Technology Team Leadership.

  • Self-starter who works with minimal supervision, with excellent time management, documentation, and relationship management skills.


 


*MarineMax and its subsidiaries use E-Verify, an Internet-based system, to confirm the eligibility of all newly hired employees to work in the United States. Learn more about E-Verify, including your rights and responsibilities.