Governance, Risk & Compliance Analyst III - SOC 2

At Sensiba, we're more than just a Top 75 Accounting Firm - we're a purpose-driven organization committed to making a meaningful impact for our clients, our people, and our communities. Recognized as a Top Workplace USA, we're proud of our culture of exceptional employee engagement, collaboration, and continuous growth.

We help clients solve problems, navigate complexity, and build a foundation for sustainable success. Whether supporting fast-growing startups or established enterprises, we bring deep expertise and a people-first approach to every engagement.

In 2018, Sensiba became a certified B Corporation (B Corp) - a designation that reflects our commitment to using business as a force for good. This certification holds us accountable to high standards of social and environmental performance, transparency, and ethical governance. It's not just a badge - it's a reflection of how we operate, make decisions, and support our stakeholders.

Summary :

The GRC Analyst III - SOC 2 is responsible for ensuring client satisfaction and efficient execution of engagement plans, while being the coach and advisor to team members. This role will focus on business processes and IT control auditing and advisory services with responsibilities that include evaluating, testing, and documenting key business processes, access controls, and change management controls for engagements. The Experienced Associate will audit a diverse range of companies, build robust client relationships grounded in a deep understanding of their operations, challenges, and compliance needs. The role is pivotal in delivering top-notch services, centering on clients' business, IT, and security risk management.

Responsibilities :

• Knowledge of relevant regulations and industry standards (e.g., SSAE 18 / SOC, HIPAA, ISO-27001, COSO, HITRUST, etc.) and best practices and methodologies to address these requirements.
• Knowledge of audit principles such as risk assessment, materiality, independence and sufficiency of evidence.
• Ability to apply these requirements to organizational internal control frameworks.
• Understanding of technical concepts such as cyber security, virtualization, data center, cloud computing, and the like.
• Ability to interpret / relay technical information to all levels of technical aptitude, including senior management. This includes written and oral communications.
• Documentation skills are a must. Ability to articulate, write and present information in a clear and understandable manner and to meet the re-performance standard required for supporting our audit work.
• Strong time management, project management and organizational skills with the ability to manage multiple priorities successfully within a deadline-driven environment.
• Strong interpersonal skills.
• Demonstrated ability to quickly understand and assimilate business processes.
• Conduct detailed audits of clients' business processes and IT controls, ensuring compliance with industry standards and regulations.
• Observe, review, document, and test key business process transactions, access controls, change management controls, operational and organizational controls, and automated controls for engagements.
• Review, document, evaluate and test application controls, particularly automated controls on a wide range of systems and software applications across a wide variety of client business processes.
• Evaluate clients' business, IT, and security risks, identifying areas of concern and recommending appropriate control measures and process improvements to mitigate risks.
• Assess security policies and procedures, reviewing risk management / risk assessment documentation, and controls of our clients' business applications, networks, operating systems, and other components of their technology infrastructure.
• Support internal and external security assessments of new and existing services and infrastructure including operational, regulatory, and contractual requirements.
• Develop and nurture strong relationships with clients, gaining insight into their businesses, risks, and compliance requirements to tailor audit approaches effectively.
• Execute audit procedures efficiently and effectively, analyzing systems, processes, and controls to assess their adequacy and effectiveness in managing risks.
• Prepare comprehensive audit reports detailing findings, recommendations, and remediation plans, ensuring clear communication of audit results to clients.
• Develop a technical understanding of cyber security best practices in order to advise and audit clients on their security posture.
• Follow up on remediation progress or management responses.
• Provide guidance and mentoring to less experienced team members.

Qualifications :

Compensation :

The anticipated ranges for this position are outlined below : and are subject to change :

$42,447 - $130,380

When determining compensation, we consider a variety of factors such as a candidate's professional experience, skills, and qualifications. Please note that final offer amounts may vary from the ranges listed above and may be adjusted over time.

Benefits :

Sensiba has a robust offering of benefits for full-time professionals , including :

At Sensiba, we believe that diversity drives innovation. We provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, Sensiba complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Sensiba expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Sensiba employees to perform their job duties may result in discipline up to and including discharge.