IT Audit & Compliance Analyst

Support SOX compliance and SOC 2 reporting, enhancing IT governance while collaborating with Internal Audit, Finance, and Cybersecurity teams.
We are seeking a mid-level IT Audit & Compliance Analyst to join our IT organization at a publicly traded company. This role supports SOX compliance, SOC 2 reporting, and IT risk management, and works closely with Internal Audit, Finance, and Cybersecurity teams to ensure strong technology controls and regulatory compliance. This position is ideal for someone with a solid foundation in IT controls and audits who wants to deepen their experience across SOX, SOC 2, and cybersecurity governance.

Key Responsibilities
  • SOX & IT Controls
  • Perform and support SOX IT General Controls (ITGC) testing, including:
      • User access management
      • Change management
      • System operations and backups
  • Assist with walkthroughs, risk assessments, and control documentation
  • Track and support remediation of control deficiencies
  • Partner with Internal Audit and external auditors during SOX audits
  • SOC 2 & Third-Party Assurance
  • Support SOC 2 Type I and Type II readiness and ongoing compliance
  • Maintain control narratives, evidence, and audit artifacts
  • Coordinate with IT, Engineering, and Security teams to ensure controls are operating effectively
  • Assist in responding to customer and vendor security questionnaires
  • Cybersecurity & Risk Collaboration
  • Work with the Cybersecurity team on:
      • Security policies and standards
      • Risk assessments and control alignment (NIST, ISO, etc.)
      • Incident response and access reviews (governance perspective)
  • Help bridge compliance requirements with security operations
  • Documentation & Continuous Improvement
  • Maintain IT policies, procedures, and control documentation
  • Identify opportunities to improve control design, automation, and audit efficiency
  • Stay current on regulatory and industry best practices
  • Required Qualifications
  • 3–6 years of experience in IT audit, IT compliance, or technology risk
  • Hands-on experience with SOX ITGCs
  • Exposure to SOC 1 and/or SOC 2 audits
  • Understanding of core IT processes (access, change, SDLC, infrastructure)
  • Strong documentation and communication skills
  • Preferred Qualifications
  • Experience in a public company environment
  • Familiarity with cybersecurity frameworks (NIST, ISO 27001, CIS)
  • Experience working with external auditors or Big 4 firms
  • Certifications or progress toward:
      • CISA - Required
      • CISM
      • CRISC
      • CISSP (a plus, not required)
  • What We Offer
  • Exposure to SOX, SOC 2, and cybersecurity governance
  • Career growth toward Senior IT Auditor, GRC Manager, or Cyber Risk roles
  • Cross-functional work with IT, Security, Finance, and Audit teams
  • Competitive compensation and benefits

  • Why This Role Is Attractive (unspoken but real)
  • Not “pure audit” — includes security and risk exposure
  • Public company experience (very marketable)
  • Clear path into senior IT audit, GRC, or cyber risk

    Marcus & Millichap: #1 commercial real estate investment sales brokerage in North America, offering investment sales, financing, research and advisory services.