Senior Analyst, IT Risk & Controls



New York, Norwalk

Career Track


This role is eligible for our five day flex office work model

Senior Analyst, IT Audit and SOX

From accounting and financial planning to risk/fraud analysis and payments, our Finance team ensures not only our company’s financial security, but also that our customers can buy from us with confidence.

Why this job’s a big deal:

As a Senior Analyst, IT Risk and Controls, you will be part of the Information Security GRC team, responsible for supporting IT SOx compliance and risk identification activities, as well as designing, implementing, maintaining, and supervising controls in line with Priceline's risk appetite and compliance requirements. You will help us build and improve our control frameworks, ensuring that the risks Priceline faces are identified and addressed in a pragmatic and efficient way. You will also support any additional activities of the GRC team.

In this role you will get to:

  • Support Technology, Finance and HR stakeholders to understand IT SOx compliance and operational risks

  • Perform risk analysis, and assist process and control owners in determining and designing optimal IT controls to mitigate risks

  • Support process and control owners with process and control documentation, and help ensure that appropriate control evidence is created and retained

  • Maintain and improve Priceline's IT Risk and Control framework in our GRC tool

  • Support IT SOx operations from 2LoD, coordinating all the control certification and evidence collection cycles via our GRC tool

  • Monitor IT control performance across the business for timely and effective execution

  • Support and coordinate audit activities and help to close any control deficiencies identified

  • Partner with Information Security, BP Risk & Controls colleagues to support critical risk areas and tasks

  • Help build and improve control frameworks

  • Support internal and external audit teams in the coordination of fieldwork interviews and evidence collection

Who you are:

  • 4-5+ years of experience coordinating IT SOx compliance activities and maintaining IT Risk and Control Matrices/Frameworks

  • Additional experience in Risk Management or IT Audit is a plus

  • Excellent understanding of IT General Controls

  • Bachelor’s degree (or above) in IT, Engineering or Accounting/Finance

  • Solid understanding / experience with SOx audits and auditor testing methodology

  • Enthusiastic, self-starting and enjoys change and a dynamic environment

  • Able to self-motivate, organize and take ownership for own workload to ensure that deadlines and objectives are met

  • Able to multitask and prioritize work optimally

  • IT risk/audit certificates (CISA, CRISC, CISSP, CIA, ITIL) are a plus

  • Familiarity with applicable IT frameworks (COBIT, ITIL, NIST, ISO 27001, 20000, 22301, etc.) is a plus

  • Familiarity with specific technology (Google Cloud, JIRA, Confluence, Audit-board, Workday, Excel & Google Suite) is a plus

There are a variety of factors that go into determining a salary range, including but not limited to external market benchmark data, geographic location, and years of experience sought/required. In addition to a competitive base salary, certain roles may be eligible for an annual bonus and/or equity grant.

The salary range for this position is 105000 – 130000 USD