Back to search
Sylvan, Inc. Linkedin · Posted 3d ago

Information Security Analyst

Detroit

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

We are seeking a detail-oriented and experienced Information Security Analyst to join our security and compliance team. The successful candidate will play a key role in designing, assessing, and documenting information security controls, with a strong focus on IT General Controls (ITGC), SOX compliance, internal and external audit support, and process improvement. This role requires the ability to bridge technical security requirements with regulatory compliance obligations and communicate effectively with cross-functional stakeholders.


Key Responsibilities

ITGC & SOX Compliance

▸ Design, implement, and monitor IT General Controls (ITGC) across logical access, change management, computer operations, and SDLC domains.

▸ Support annual SOX compliance programs, including scoping, risk assessment, control mapping, and testing coordination.

▸ Identify and remediate control deficiencies; track findings through to resolution and validate management remediation actions.

▸ Collaborate with business process owners to ensure SOX IT controls are embedded in day-to-day operations.

▸ Maintain control matrices, SOX documentation, and supporting evidence in accordance with PCAOB and SEC requirements.


Internal & External Audit Support

▸ Serve as the primary point of contact for internal and external auditors during IT audit engagements.

▸ Coordinate the gathering, review, and submission of audit evidence packages to ensure completeness and accuracy.

▸ Assist in preparing management responses to audit findings and tracking corrective action plans (CAPs).

▸ Support SOC 1 / SOC 2 Type II audit engagements and other third-party assessments.

▸ Analyze audit observations to identify systemic issues and drive long-term process improvements.


Process Design & Documentation

▸ Develop and maintain information security policies, procedures, standards, and guidelines aligned with frameworks such as NIST CSF, ISO 27001, and CIS Controls.

▸ Design and document end-to-end security and compliance processes, including control narratives, process flow diagrams, and risk and control matrices (RCMs).

▸ Facilitate control walkthroughs with process owners and document evidence of operating effectiveness.

▸ Maintain an up-to-date library of security process documentation and ensure version control and periodic review cycles.


Risk & Control Assessment

▸ Conduct risk assessments to identify gaps between current security posture and industry standards or regulatory requirements.

▸ Evaluate the design and operating effectiveness of controls through self-assessment and testing activities.

▸ Prepare management-level risk reports and dashboards, communicating findings clearly to technical and non-technical audiences.



Required Qualifications

▸ Bachelor’s Degree in Information Security, Computer Science, Information Systems, Accounting/Finance (MIS), or a related field.

▸ 3–6 years of experience in information security, IT audit, or compliance roles.

▸ Demonstrated hands-on experience with ITGC design, testing, and remediation in a SOX environment.

▸ Experience coordinating and supporting external audit engagements (Big 4 or equivalent).

▸ Proficiency in developing process documentation, control narratives, and risk and control matrices.

▸ Strong analytical and problem-solving skills with keen attention to detail.

▸ Excellent written and verbal communication skills; ability to convey complex technical concepts to non-technical stakeholders.


Preferred Qualifications

▸ Professional certifications such as CISA, CISSP, CRISC, CIA, or CISM.

▸ Experience with GRC platforms (e.g., ServiceNow GRC, AuditBoard, Workiva, MetricStream).

▸ Familiarity with cloud security controls (AWS, Azure, GCP) and how they relate to ITGC.

▸ Knowledge of SOC 1 / SOC 2 attestation standards and Trust Service Criteria.

Experience working in a Big 4 accounting firm or publicly traded company.

▸ Understanding of data privacy regulations (GDPR, CCPA) and their intersection with security controls.


Technical Skills & Tools

Frameworks

NIST CSF, ISO 27001, COBIT, CIS Controls, SOX (PCAOB), COSO

Audit & GRC Tools

AuditBoard, Workiva, ServiceNow GRC, or equivalent

Security Tools

SIEM, IAM/PAM platforms, vulnerability management tools

Documentation

Microsoft Visio, Lucidchart, Confluence, SharePoint

Productivity

Microsoft Office Suite (Excel, Word, PowerPoint — advanced)


Core Competencies

▸ Integrity & Accountability — Handles sensitive financial and security data with discretion.

▸ Analytical Thinking — Evaluates complex control environments and identifies root causes.

▸ Collaboration — Works effectively across security, IT, finance, legal, and operations teams.

▸ Communication — Translates technical risks into business language for executive audiences.

▸ Adaptability — Thrives in fast-paced environments with evolving regulatory requirements.

▸ Continuous Improvement — Proactively identifies opportunities to strengthen controls and processes.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent