Senior Analyst, IT Risk & Controls

Senior Analyst, IT Risk and Controls

From accounting and financial planning to risk/fraud analysis and payments, our Finance team ensures not only our company’s financial security, but also that our customers can buy from us with confidence. 

This role is eligible for our hybrid work model: Two days in-office.

Why this job’s a big deal:

As a Senior Analyst, IT Risk and Controls, you will be part of Priceline’s Risk and Controls team. You will support Sarbanes-Oxley (“SOX”) compliance and the compliance of other complex projects, including designing, implementing, maintaining, and monitoring controls in-line with Priceline's risk appetite and compliance requirements. This role will be reporting to and working directly with the Senior Manager, IT Risk and Controls, helping us build and improve our control frameworks ensuring that the risks Priceline faces are identified and addressed in a pragmatic and efficient way.

In this role you will get to:

• Maintain a comprehensive understanding of the Priceline.com business, industry news, and risk best practices and apply that knowledge in the context of your coverage areas

• Manage relationships with various key stakeholders, including Internal and External Auditors

• Manage and coordinate IT SOX audit activities

• Support Technology, Finance, and HR stakeholders to understand IT SOX compliance and operational risks

• Perform risk analysis, and assist process and control owners in determining and designing optimal IT controls to mitigate risks

• Support the business on control-related issues as part of complex projects and initiatives that may impact SOX compliance

• Facilitate and conclude upon SOX impact assessments for key technology changes

• Partner with Information Security, Business Process Risk and Controls colleagues to support critical risk areas and tasks

• Maintain and monitor IT control performance across the business for timely and effective execution

• Support IT SOX operations from 2LoD, coordinating all the control certification and evidence collection cycles via our GRC tool

• Support process and control owners regarding process and control documentation, as well as supporting to ensure appropriate control evidence is created and retained

• Support internal and external audit team in the coordination of fieldwork interviews and evidence collection

• Support and coordinate audit activities and help remediate any control deficiencies identified

Who you are: 

• 4-5+ years of experience coordinating IT SOX compliance activities and maintaining IT Risk and Control Matrices/Frameworks

• Bachelor’s degree (or above) in IT, Engineering, or Accounting/Finance

• Experience in Risk Management or IT Audit is preferred

• Experience in Big 4 Accounting/Professional Services is preferred

• Experience in complex agile/devops environments is preferred

• Excellent understanding/experience with SOX and IT General Controls

• Enthusiastic, self-starting and enjoys change and a dynamic environment

• Able to self-motivate, organize and take ownership for own workload to ensure that deadlines and objectives are met

• Able to multitask and prioritize work optimally

• Excellent writing/verbal communication, presentation and strong interpersonal skills

• IT risk/audit certificates (CISA, CRISC, CISSP, CIA, ITIL) are a plus

• Familiar with applicable IT frameworks (COBIT, ITIL, NIST, ISO 27001, 20000, 22301, etc) is a plus

• Familiar with specific technology (Google Cloud, SAP, JIRA, Confluence, AuditBoard, Workday, Excel & Google Suite) is a plus

• Illustrated history of living the values necessary to Priceline: Customer, Innovation, Team, Accountability and Trust

• The Right Results, The Right Way is not just a motto at Priceline; it’s a way of life. Unquestionable integrity and ethics is essential.

  #LI-AR1