
Posted a month ago
Governance and Compliance Analyst
Thomson Reuters
Requirements
Bachelor's degree in IT, Accounting, Finance, or Computer Science, 1–3 years experience in SoX, SOC 2, PCI DSS, or ISO frameworks, Understanding of NIST CSF, ISO, SOC 2 TSC, and PCI DSS, Knowledge of security vulnerabilities (OWASP, SANS), English fluency
Skills
AuditComplianceSOX
About the role
Responsibilities
- Support the assessment, challenge, and testing of the design and operational effectiveness of controls using the company's control framework.
- Execute testing plans by communicating requirements to control owners, reviewing evidence, and documenting deficiencies.
- Assist in liaising for both external and internal audits and identify non-compliant procedures or practices.
- Work with stakeholders to track remediation plans for identified control deficiencies.
- Contribute to the implementation of automated compliance controls and AI-assisted solutions for evidence collection and validation.
- Maintain documentation of automation workflows, logic, and validation processes to ensure transparency and auditability.
Requirements
- Bachelor's degree in IT, Accounting, Finance, Computer Science, or equivalent experience.
- 1–3 years of relevant experience in SoX (ITGC), SOC 2, PCI DSS, or ISO frameworks (e.g., 9001, 27001, 42001).
- Foundational understanding of control frameworks such as NIST CSF, ISO, SOC 2 TSC, and PCI DSS.
- Awareness of common security vulnerabilities in web and cloud environments (e.g., OWASP, SANS, CSA).
- Strong ethical principles and professional integrity regarding information security.
- Fluency in English (written and oral); additional fluency in French or Spanish is an asset.
Preferred Qualifications
- Progress toward or completion of professional certifications such as CISA, CISM, CRISC, CCAK, or ISO 27001.
- Exposure to cloud environments (AWS, Azure, GCP) and related control testing.
- Familiarity with automation tools or scripting languages like Python in an audit context.
- Experience with GRC platforms such as ServiceNow, ProcessUnity, RSA Archer, or MetricStream.
- Interest in applying generative AI to compliance evidence collection or control testing.
Benefits
- Hybrid work model with flexible arrangements.
- Comprehensive health, mental health, and financial wellbeing resources.
- Career development through "Grow My Way" programming and a skills-first approach.
- Paid volunteer days and opportunities for social impact.
- Flexible vacation and retirement savings plans.
About the Company
Thomson Reuters informs the way forward by bringing together the trusted content and technology that people and organizations need to make the right decisions. We serve professionals across legal, tax, accounting, compliance, government, and media, helping institutions pursue justice, truth, and transparency.
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freeGovernance and Compliance Analyst
Thomson Reuters · Mexico City
