IT Compliance Analyst

The Area: The Information Security department is responsible for setting enterprise security policies and standards designed to protect the confidentiality, integrity, and availability of Morningstar information. The team provides guidance and technical expertise in application security, policies and procedures, disaster recovery, and compliance/regulation. They analyze emerging threats and conduct risk and vulnerability assessments to secure information.

The Role: The IT Risk and Compliance Analyst will support compliance-related responsibilities, document security processes, ensure compliance obligations are met, identify and follow up on security findings, gather audit evidence, conduct 3rd party vendor risk assessments, and respond to customer RFPs and due diligence questionnaires.

Job Responsibilities:

• Support compliance related responsibilities such as SOX, SOC2, PCI-DSS, SEC
• Monitor and enforce compliance to security policies and standards
• Conduct 3rd party vendor risk assessments
• Document and review security policies, processes, and procedures regularly
• Respond to customer RFPs and due diligence questionnaires
• Gather evidence for internal and external audits
• Liaise with third party audit personnel as required

Qualifications:

• Bachelor's degree and 2+ years in risk and compliance or IT auditor role
• Familiarity with compliance standards like SOX, SOC2, PCI-DSS, GDPR
• Experience with IT audits and risk assessments
• Knowledge of security frameworks such as ISO 27001, NIST
• Strong organizational and multitasking skills
• Strong business analysis, research, and analytical skills
• Excellent communication skills
• Experience reviewing SOC 2 reports
• Availability to work off business hours as required

Morningstar offers a hybrid work environment with opportunities to work remotely and collaborate in-person three days each week along with various benefits for flexibility and global engagement.