IT Risk Analyst

Brilliant Earth - IT SOX Risk Analyst 

Position Overview: 

The IT Risk Analyst will play a crucial role in ensuring Brilliant Earth’s compliance with SOX regulations, focusing on IT General Controls, key report testing, risk assessments, and remediation activities. This position requires a deep understanding of IT audit practices, control procedures, and system implementations, with a focus on strengthening internal controls and mitigating IT-related risks. The Risk Analyst will work closely with cross-functional teams, including IT, security, data, compliance, and internal audit, to support SOX 404 assertions, conduct impact analysis, and help optimize the SOX compliance program.
 

Responsibilities: 

SOX Compliance & Risk Management: 

• Lead the development, documentation, and implementation of IT General Controls (ITGCs) for SOX compliance, ensuring alignment with regulatory requirements. 
• Conduct risk assessments across the technical landscape, including the review of system implementations, data migrations, and SDLC controls. 
• Lead the analysis of root causes, impact assessments, and remediation efforts related to control deficiencies. 
• Conduct periodic reviews of Segregation of Duties (SOD) and application controls across the company’s systems. 
• Review, assess, and evaluate system reports for accuracy, completeness, and effectiveness. 

Audit & Control Design: 

• Assist with IT audit requests and serve as a key liaison between IT and business teams during audits. 
• Collaborate with internal audit to design testing programs for SOX 404 assertions, ensuring that control procedures are appropriately tested and documented. 
• Manage the internal controls repository (Audit Board), ensuring it is up to date with control design and testing documentation. 
• Lead the design and implementation of controls for new systems, processes, and launches, ensuring that appropriate internal controls are in place before launch. 
• Work with third-party service providers to assess SOC reports and evaluate control practices for outsourced services. 

Process Improvement & Optimization: 

• Continuously seek opportunities to improve the efficiency and effectiveness of the SOX program through process optimization and automation. 
• Manage and lead company-wide training initiatives for process and control owners to ensure they are informed of internal controls and SOX compliance requirements. 
• Play a key role in the company’s annual and semiannual risk assessment processes, ensuring that emerging risks are identified and addressed in a timely manner. 

Stakeholder Engagement & Reporting: 

• Develop and present SOX compliance findings and assertions for leadership and Audit Committee meetings. 
• Foster collaboration with the IT, security, data, and compliance teams to ensure consistent and effective SOX documentation and monitoring. 
  • Build strong partnerships with business and IT owners to coordinate remediation activities, develop and assist in executing remediation plans 
  • Coordinate annual and periodic control and system certifications 
• Collaborate with internal and external auditors to streamline ITGC testing, walkthroughs, and audit procedures, driving efficiencies and minimizing business disruption. 

Qualifications: 

Required Experience & Skills: 

• 5+ years of experience in IT/Internal Audit or Risk Assurance, with a focus on SOX compliance and ITGCs. 
• Strong understanding of control procedures, frameworks (e.g., COSO), and risk assessment practices, with the ability to assess and manage risk within IT systems and processes. 
• Proven experience with IT audit, control testing, and process documentation. 
• Strong project management skills, with the ability to manage multiple tasks and prioritize competing demands effectively. 
• Excellent communication and interpersonal skills, with a demonstrated ability to build relationships and influence teams across departments. 
• Critical thinking and problem-solving abilities to analyze control deficiencies and propose effective remediation strategies. 
• Proficient in Microsoft Office suite applications, including Excel, Word, and PowerPoint. 

Preferred Qualifications: 

• Professional certifications such as CISA, CIA, CFE, or CISSP are highly preferred. 
• Experience working in public accounting with a PCAOB-registered firm. 
• Knowledge of IT project management principles and best practices. 
• Familiarity with ERP systems such as NetSuite, Salesforce, and Oracle, particularly with respect to SOX compliance and internal controls. 

What We Offer: 

At Brilliant Earth, we’re passionate about the employee experience. That’s why we offer an excellent training program and endless opportunities for career growth! In addition, we offer competitive compensation and a robust benefits package, including: 

• Insurance. Medical, dental, and vision insurance kick in on the first day of your 2nd month! 
• 401k match. We know that saving for the future is important. That's why we offer a generous 401k match. 
• Open PTO Policy. We know it’s important to recharge and relax. 
• Disability and Life insurance. 100% employer-paid. 
• Pre-Tax Commuter Benefits. 
• Continued Education. Company-sponsored learning in leadership, professional skills, diversity & inclusion, and access to tuition reimbursement for role-specific trainings. 
• Employee Discounts. As an employee at Brilliant Earth, you’ll receive a generous discount on our jewelry. 
• Wellness Benefits. We offer access to exclusive discounts on gym memberships and more, as well as an Employee Assistance Program for 24/7 access to counseling. 
• Giving Back and Volunteer Opportunities. In addition to our giving back programs, our teams support local initiatives and spend time together by volunteering 

More About Us