Sr. GRC Analyst at Abnormal AI
Remote, Oregon, USA
Full Time


Start Date: Immediate
Expiry Date: 15 Nov, 25
Salary: 180000.0
Posted On: 15 Aug, 25
Experience: 2 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Information Technology/IT

Description
Responsibilities

ABOUT THE ROLE

Abnormal AI is looking for a Senior GRC Analyst (Governance, Risk, and Compliance) to lead our SOx IT compliance program. The Security & Privacy team owns the information and cybersecurity program for the company, including IT, Security Operations, GRC, Privacy, and Customer Trust.
This role will be responsible for managing the end-to-end SOx program in coordination with internal and external audit partners, Finance, and IT. This includes leading ITGC scoping, evidence collection, walkthroughs, testing, and issue remediation. This person will serve as the main point of contact for SOx-related matters and will help mature the program in alignment with our rapid growth and evolving risk landscape.
The ideal candidate will have the mindset of an auditor with keen attention to detail, possess exceptional project management skills, be a good communicator who excels at explaining complex technology to diverse audiences in a way that fosters understanding and ownership, have strong collaboration and business sense, and have an adept awareness of our customers’ requirements of Abnormal as a leading cybersecurity SaaS provider.

WHAT YOU WILL DO

  • Own and lead Abnormal’s SOx IT compliance program, including annual planning, testing coordination, and reporting.
  • Coordinate with internal and external auditors to manage walkthroughs, evidence collection, and testing of ITGCs.
  • Track and drive remediation of control gaps or audit findings and ensure closure is properly documented.
  • Maintain up-to-date documentation for controls, narratives, and process flows.
  • Partner with business and technical stakeholders to improve control design and operational effectiveness.
  • Monitor regulatory changes and adjust control requirements and documentation as needed.
  • Support continuous improvement of the SOx program through automation, metrics, and process enhancements.
  • Design and manage program operations to support the program goals and implement and maintain technology to support the program and its operations.
  • Engage in ad-hoc projects as required.
  • Maintain regular, clear communication with project teams, key partners, and management regarding the status of controls testing, audit progress, risk assessment progress, and progress of issues management.
  • Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to senior management both within Security and to our business partners.