Senior IT Compliance Analyst

About Arhaus
Founded in 1986, Arhaus is a growing lifestyle brand and omnichannel retailer of premium home furnishings. Through a differentiated proprietary model that directly designs and sources products from leading manufacturers and artisans around the world, Arhaus offers an exclusive assortment of heirloom quality products that are sustainably sourced, lovingly made, and built to last. With more than 100 showroom and design studio locations across the United States, a team of interior designers providing complimentary in-home design services, and robust online and e-commerce capabilities, Arhaus is known for innovative design, responsible sourcing, and client-first service. 

As an IT Compliance Analyst, you will be responsible for providing comprehensive IT risk management and assurance services within the Company. This role entails assessing and mitigating IT risks, assessing design and operating effectiveness of IT controls and processes, and assisting IT Management in remediation of control deficiencies. In this role, you will collaborate with various stakeholders, including IT team, Internal Audit, Business Compliance and business process owners, to ensure that IT-related risks are identified, assessed, and managed in alignment with organizational objectives and regulatory (SOX) requirements. This position requires a strong understanding of IT risk management frameworks (e.g., COSO), SOX regulatory compliance, and best practices in IT governance.

Risk Assessment:

• Conduct IT risk assessments to identify potential risks and vulnerabilities and recommend proactive measures to mitigate threats.
• Evaluate and provide insights on the adequacy and effectiveness of IT risk management processes.
• Develop risk assessment frameworks, methodologies, and tools.
• Develop and implement risk mitigation strategies and action plans.

IT Control Evaluation:

• Coordinate with internal and external auditors to facilitate IT audits and assessments.
• Evaluate the design and operational effectiveness of IT processes, policies, and procedures to ensure IT policies and procedures are implemented, up-to-date and compliant with current SOX regulations and industry standards.
• Assess the design and operating effectiveness of IT controls associated with IT systems, infrastructure, and applications to ensure compliance with regulatory requirements and internal policies.
• Identify control gaps and recommend improvements to enhance the control environment.
• Maintain clear and concise documentation of risk assessments, control evaluations, and audit findings.

• Perform evolutions of Service Organization Controls (SOCR - SSAE 16 // ISAE 3402 / SOC 1)

Remediation and Process Enhancement:

• Identify and document deficiencies in IT controls, and work with management to develop and implement remediation plans.
• Assist Management to design and implement IT controls to mitigate risks and enhance the overall control environment.
• Assist management in the development, implementation, and maintenance of IT policies and procedures.
• Assist management in the development of standard operating procedures (SOPs), process flow diagrams, and narratives.

Compliance and Governance:

• Ensure compliance with relevant regulations, industry standards, and internal policies.
• Monitor and assess changes in regulatory environments and industry best practices.
• Provide recommendations to improve IT governance frameworks and practices.

Collaboration and Compliance Support:

• Collaborate with IT, Internal Audit, Business Compliance and business owners to promote a culture of risk awareness and compliance.
• Advise on risk and control implications for new projects and system implementations.
• Serve as a subject matter expert on IT risk and control issues.
• Proactively engage with Internal and External audit functions to align on methodologies, scope and approach related to audit activities.

Reporting and Communication:

• Prepare and present IT risk and control reports to senior management and stakeholders.
• Communicate risk management and assurance findings effectively to various audiences.
• Proactively communicate with internal and external audit functions.
• Communicate audit results to various stakeholders, including management and IT teams.
• Track and monitor the implementation of audit recommendations and verify compliance.

Training and Awareness:

• Deliver training programs to users to enhance understanding and awareness of IT compliance requirements.
• Foster a culture of compliance within the organization through regular communication and education initiatives.

Continuous Improvement:

• Stay current with industry trends, emerging risks, and best practices in IT risk management and assurance.
• Identify opportunities for continuous improvement in IT risk and control processes.
• Promote the adoption of innovative solutions to enhance the organization’s risk management capabilities.

Requirements:

• Bachelor's degree in Accounting, Computer Science, Information Systems, or a related field.
• Professional certification such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Public Accountant (CPA) or equivalent.
• Proven experience in IT auditing, risk assessment, and compliance (5 years)
• Thorough knowledge of IT controls, security, and risk management frameworks (e.g., COBIT, ISO 27001, NIST).
• Familiarity with IT governance principles and best practices.
• Proficient in conducting system and data analysis.
• Strong analytical, problem-solving, and critical-thinking skills.
• Excellent written and verbal communication skills.
• Ability to work independently and collaboratively in a team environment.
• Detail-oriented with strong organizational and time management skills.
• Familiarity with audit software tools and data analytics is a plus.

Arhaus is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. Arhaus is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Arhaus are based on business needs, job requirements, and individual qualifications, without regard to race, color, sex, sexual orientation, gender identity, religion or belief, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Arhaus will not tolerate discrimination or harassment based on any of these characteristics. Arhaus encourages applicants of all ages.