IT Audit & Compliance Analyst

Key Responsibilities

• SOX & IT Controls
• Perform and support SOX IT General Controls (ITGC) testing, including:
• User access management
• Change management
• System operations and backups
• Assist with walkthroughs, risk assessments, and control documentation
• Track and support remediation of control deficiencies
• Partner with Internal Audit and external auditors during SOX audits
• SOC 2 & Third-Party Assurance
• Support SOC 2 Type I and Type II readiness and ongoing compliance
• Maintain control narratives, evidence, and audit artifacts
• Coordinate with IT, Engineering, and Security teams to ensure controls are operating effectively
• Assist in responding to customer and vendor security questionnaires
• Cybersecurity & Risk Collaboration
• Work with the Cybersecurity team on:
• Security policies and standards
• Risk assessments and control alignment (NIST, ISO, etc.)
• Incident response and access reviews (governance perspective)
• Help bridge compliance requirements with security operations
• Documentation & Continuous Improvement
• Maintain IT policies, procedures, and control documentation
• Identify opportunities to improve control design, automation, and audit efficiency
• Stay current on regulatory and industry best practices

Required Qualificatons

• 3–6 years of experience in IT audit, IT compliance, or technology risk
• Hands-on experience with SOX ITGCs
• Exposure to SOC 1 and/or SOC 2 audits
• Understanding of core IT processes (access, change, SDLC, infrastructure)
• Strong documentation and communication skills

Preferred Qualfications

• Experience in a public company environment
• Familiarity with cybersecurity frameworks (NIST, ISO 27001, CIS)
• Experience working with external auditors or Big 4 firms
• Certifications or progress toward:
• CISA - Required
• CISM
• CRISC
• CISSP (a plus, not required)

What We Offer

• Exposure to SOX, SOC 2, and cybersecurity governance
• Career growth toward Senior IT Auditor, GRC Manager, or Cyber Risk roles
• Cross-functional work with IT, Security, Finance, and Audit teams
• Competitive compensation and benefits
•  
• Why This Role Is Attractive (unspoken but real)
• Not “pure audit” — includes security and risk exposure
• Public company experience (very marketable)
• Clear path into senior IT audit, GRC, or cyber risk

Benefits

Marcus & Millichap offers a comprehensive benefits package designed to support employees’ health, well-being, and financial security. Eligible employees may have access to the following benefits, subject to the terms of applicable benefit plans:

•    Health, dental, and vision insurance
•    Paid time off and paid holidays
•    401(k) retirement plan with employer matching contributions
•    Life and disability insurance
•    Employee Assistance Program (EAP) and wellness resources

Benefits eligibility, coverage, and employer contributions may vary based on position, employment status (full-time or part-time), location, and length of service. This summary is provided for informational purposes only and does not constitute a guarantee of benefits. Additional details will be provided during the hiring process or upon request.