IT Controls and Compliance Analyst (Hybrid)

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for seven consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

Responsible for completing deliverables which support Audit workstreams for Lenders, Regulators, Internal and External Audit, SOX and SOC efforts. Works with personnel across all levels of the organization.  In-depth knowledge of IT general controls, IT audit fundamentals, strong project management skills and process analysis are required.

This role is hybrid 2 days per week onsite in Santa Ana, CA.

What You'll Do:

• Perform analysis of audit control gaps over processes and tools, analyze evidence, and provide recommendations to remediate findings and improve the control environment
• Advise management on the design and implementation of control activities that reduce risk, add value, and mature the control environment
• Assist in the development, maintenance, and implementation of tools and processes to streamline and automate compliance and control activities
• Perform readiness assessments with application teams to onboard to SOC and SOX program by creating test plan, analyzing evidence to ensure it meets control objective, identifying gaps and the ability to communicate the results to stakeholders.
• Provide excellent customer service in support of program activities
• Develop and maintain an ongoing relationship with control owners and key stakeholders including Information Security, IT, business lines, Internal Audit, and external third parties
• Assist with the maintenance and update of program documents
• Maintain an understanding of Company and IT objectives and risks
• Perform ongoing education and training in Information Security related areas
• Provide subject matter expertise related to IT General Controls and Information Security policies and standards
• Maintain data within system of record which tracks issues, engagements and metrics that gets communicated throughout the organization
• Required to perform duties outside of normal work hours based on business needs.
• Tasks range in complexity from simple (perform an audit step) to complex (perform a risk assessment and create an audit program to address risks)
• Tasks can require originality and ingenuity to evaluate risks and determine appropriate and cost-effective controls to mitigate risk
• Participates in brainstorming discussions and can act in an advisory capacity
• Focus of interaction is with IT personnel including control owners and key stakeholders
• In-depth knowledge of IT and Information Security control standards and frameworks (COBIT, ISO27001, SSAE16/SOC1/SOC2, etc.)
• In-depth knowledge of MS Excel
• Team player with positive energy and good customer service skills
• Ability to work independently, demonstrates initiative, and is a self-starter
• Ability to work effectively and maintain relationships with all levels of the organization

What You'll Bring:

• Minimum 2 years relevant work experience in Information Security, IT Risk Management, IT Governance or IT Audit
• Bachelor’s Degree or above
• Effectively communicate IT compliance expectations to all levels of the organization including operational personnel executive management
• Gain support and consensus with multiple stakeholders and partners (internal and external)
• Manage multiple initiatives simultaneously, with strong ability to prioritize
• Respond appropriately to potential audit findings including vetting and assessment of risk
• Customer focused in the context of balancing risk reduction with business needs
• High attention to detail to manage, analyze and finalize artifacts and documents
• Highly developed oral and written communication skills; strong presentation skills
• Highly flexible, adapting to changes in priorities and requirements
• Development and maintenance program-related documentation (e.g., standard operating procedures)
• Ability to quickly learn, communicate and apply technical concepts
• Relevant, industry recognized security certification such as CISSP, CISA, CISM

Pay Range: $68,890- $97,000 Annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.