
IT Business Analyst III or IV

Spectraforce Technologies
United States, Kansas, Overland Park
Oct 07, 2025
Title: IT Business Analyst III or IV (Compliance & Controls Analyst)

Location: Frisco, TX or Overland Park, KS (OP, KS is preferred since managers sit here, but expects Frisco to have a larger candidate pool) - MUST be onsite 3 days per week

Duration: 1 year to start with potential for extension or conversion.

Level IV's require at least one certification + minimum 5-7+ YOE

Start Date: Anticipating Dec. 8

Overview

Client's IT Compliance team is expanding to support a significant government and industry compliance initiative (USGCI, PCI, and CMMC). We are looking for experienced IT Compliance & Controls Analysts who can balance technical acumen with strong communication skills to ensure our systems meet rigorous regulatory standards.

This role is ideal for professionals who thrive in high-volume, detail-oriented environments and can confidently engage cross-functional IT, audit, and compliance teams to assess, document, and strengthen control effectiveness across hundreds of applications.

Key Responsibilities

  • Conduct IT general controls (ITGC) testing across applications, databases, and servers to validate design and operational effectiveness (PCI, USGCI, CMMC, NIST 800-171, etc.).
  • Lead live walkthroughs with control owners and operators, assessing evidence and identifying potential control gaps.
  • Document and escalate compliance issues in a collaborative and solutions-focused manner.
  • Work within ServiceNow CMDB to track and manage control inventory, evidence, and system dependencies.
  • Partner closely with IT and business stakeholders to support both internal and external audits for USGCI, PCI, NSA, HIPAA, GBLA, COPA, and other regulatory frameworks.
  • Support large-scale audit readiness efforts, overseeing controls across 10-12 applications per analyst and contributing to testing across 182 total applications.
  • Adapt quickly to new systems and environments; communicate findings clearly to technical and non-technical audiences.



Must-Have Qualifications

  • 5-7+ years of IT audit, IT risk, or compliance experience with a focus on NIST 800-171.
  • Hands-on knowledge of IT environments (applications, databases, servers) and how they interact from a controls perspective.
  • Experience with CMMC frameworks.
  • Demonstrated success performing USGCI or other government compliance testing.
  • Familiarity with ServiceNow CMDB (experience maintaining configuration items or IRGC modules a plus).
  • Strong interpersonal and communication skills: able to engage diverse teams, facilitate discussions via Microsoft Teams, and explain complex issues in plain English.
  • Self-motivated, organized, and able to manage multiple concurrent assessments under tight timelines.



Preferred / Nice-to-Have

  • Active certifications: CISA, CCA, CCP, or related IT audit credentials.
  • Experience supporting PCI or USGCI readiness initiatives.
  • Familiarity with Steven Covey's "Speed of Trust" principles or similar leadership frameworks.
  • Proven ability to operate effectively in enterprise-scale environments with thousands of controls across 150+ applications.
  • Prior experience in telecommunications, government contracting, or regulated enterprise settings.



Why This Role

  • This is a high-visibility opportunity within a mission-critical compliance program. Analysts in this role will directly support client's IT readiness for federal and industry assessments, shaping the organization's security and compliance posture for years to come.



Internal Notes:

Profile Focus:

  • IT-centric auditors or compliance analysts (not financial or SOX-only backgrounds).
  • Must have NIST 800-171 and CMMC exposure; these are non-negotiable.
  • Candidates talking about NIST 800-53 only are likely from finance backgrounds; reject.
  • Look for hands-on ServiceNow CMDB or Archer experience - this also signals IT background.



Certifications to Prioritize:

  • CISA, CCA, CCP = top of the list.
