Senior IT Risk & Assurance Analyst

Description

At Abrigo, we provide market-leading compliance, credit risk and lending software solutions that financial institutions use to manage risk and drive growth. Our solutions automate key processes and allow our customers to maintain compliance, fight financial crime, process loans quicker, and leverage data to strengthen their portfolio.

Abrigo is seeking a Senior IT Audit & Assurance Analyst to join our IT Risk & Assurance team, leading the execution of SOC audit engagements, IT internal audit coordination, IT internal control testing and monitoring, and risk assessment activities for a fast-paced fintech SaaS company serving community financial institutions nationwide.

This position is remote-primary based in Raleigh, NC, with quarterly on-site team engagements (three days each) and periodic on-site visits during external audit fieldwork (up to three weeks annually). This role reports to leadership within the IT Risk & Assurance Team, within an organization that operates under a security-first model under the Chief Information Security Officer.

What You’ll Do:

SOC & External Audit Engagement Management:

• Serve as a primary point of contact for external audit firms conducting enterprise SOC 1 and SOC 2 audit engagements, managing the engagement lifecycle from annual renewal and kickoff through final report issuance
• Manage ad-hoc SOC 1 and SOC 2 audit engagements for newly acquired products not yet in scope of the enterprise SOC reports
• Coordinate document requests, evidence collection timelines, and walkthrough scheduling with internal control owners across the organization
• Evaluate audit artifacts for completeness and accuracy before submission to external auditors
• Communicate preliminary audit findings to management and assist in drafting management responses

IT Internal Audit Coordination:

• Serve as the primary liaison with the external IT internal audit firm, managing document requests, walkthrough scheduling, and audit status reporting for audits aligned with FFIEC IT Handbook standards
• Perform walkthroughs with product teams and internal control owners to assess the IT internal control environment and recommend IT internal controls based on SOC and IT internal audit requirements
• Proactively identify control gaps and recommend remediation strategies to control owners

Risk Finding Management & Control Monitoring:

• Own the full lifecycle of the IT risk finding register, from opening findings through remediation closure, including escalation of overdue findings to management
• Document and process risk acceptance based on control owner feedback
• Perform ongoing monitoring of specific IT internal controls to ensure SOC and IT internal audit readiness throughout the year
• Perform periodic IT internal control testing to validate control design and operating effectiveness
• Conduct periodic risk finding reviews to verify findings were closed appropriately with supporting remediation evidence

Risk Assessments & Policy Coordination:

• Lead annual updates to IT risk assessments, including the FFIEC Cybersecurity Assessment Tool (CAT), NIST CSF control mappings, and CIS Controls risk assessments
• Lead the annual business impact analysis update, evaluating likelihood and impact of potential disruptions to the technology environment
• Coordinate the annual policy update cycle with policy owners, including documenting changes, presenting to the IT Steering Committee, and coordinating management and Board approval
• Perform additional IT risk and assurance duties as assigned to support the team's evolving needs

What You’ll Need:

• Bachelor's degree in Information Systems, Accounting, Computer Science, or related discipline; equivalent professional experience may be substituted in lieu of a degree
• 3–6 years of experience in IT audit, IT risk, or IT compliance, such as advisory services at a CPA or consulting firm, IT internal audit at a financial institution, or GRC at a technology company
• Hands-on experience managing or significantly contributing to SOC 1/SOC 2 audit engagements, including evidence collection and walkthrough coordination
• Working knowledge of IT general controls and their application to SOC trust services criteria and/or FFIEC IT Handbook examination standards
• Demonstrated experience performing IT internal control testing and evaluating control effectiveness
• Experience maintaining risk finding registers and managing risk remediation lifecycles
• Familiarity with IT risk assessment frameworks such as FFIEC CAT, NIST CSF, or CIS Controls
• Strong written and verbal communication skills with the ability to interact effectively with external auditors, internal control owners, and management
• Strong organizational skills and the ability to independently manage multiple audit and assurance workstreams in a remote-first environment
• Must be available for quarterly on-site team engagements in Raleigh, NC and periodic on-site visits during external audit fieldwork

Preferred:

• CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control)
• Experience in the financial services, banking, or fintech industry
• Experience with FFIEC regulatory examinations or bank/credit union technology audit programs
• Experience with SaaS/cloud environments (AWS, Azure) and understanding of shared responsibility models
• Experience coordinating with outsourced or co-sourced internal audit functions

What You’ll Get:

• Market competitive total rewards package
• To be part of the Heart & SOUL of a winning company with an inspiring mission
• The opportunity to Make Big Things Happen
• Competitive salary along with full health benefits with an HSA option
• Flexible PTO and bank holidays
• 401(k) plan and company match

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, age, genetic trait, sexual orientation, national origin, disability status, or any other characteristic protected by law. Abrigo is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at [email protected] with the subject line accommodation.