Title:  Risk & Compliance Analyst Sr IT

Requisition Id:  31676
Job Function:  Information Systems
Career Area:  Corporate Jobs
Work Location:  Bannockburn 1 - 2355 (CORP)

About Us:

At Stericycle, we deliver solutions and drive innovations that protect the environment, people, and public health. This includes working to create a more sustainable, shared future. Our innovative solutions make a difference in people's lives, communities, and our planet by protecting their health and well-being. Change your career. Change your world. Join Stericycle and help protect health and well-being in a safe, responsible, and sustainable way.

Position Purpose:

The Risk & Compliance Analyst Sr IT will be responsible for defining and implementing leading-practice IT internal controls within Stericycle's IT environment and driving a control-conscious and compliant organization.


This role is hybrid - Required three days per week in our Bannockburn, Illinois office.

Key Job Activities:

  • Support control owners through the full management of IT SOX audit cycle, including assisting control owners through continuous improvement of controls, maintaining the IT SOX control framework, facilitating management prep sessions, and helping to validate that audit evidence is complete and accurate prior to providing to the auditors.
  • Builds and maintains positive working relationships with stakeholders, including application, process, and control owners along with management in support of IT Risk and Compliance processes and practices
  • Gains knowledge and understanding of SAP S/4, SuccessFactors, Salesforce, Descartes, Coupa, Concur and other legacy systems for IT SOX controls.
  • Performs targeted risk assessments and provides recommendations to Control Owners.
  • Participates in scoping activities for IT SOX applications, systems changes and business transformation projects.
  • Contributor to the design and implementation of enhancements for internal controls such as segregation of duties, change management, access management, IT operations, workflow, and application configuration, etc.
  • Assists IT SOX process by validating that audit evidence is complete and accurate prior to providing to the auditors.
  • Identifies, communicates and coordinates efforts to resolve control exceptions.
  • Drive continual improvement of the IT SOX governance program through the development of training, facilitation of SOX auditors and creation of support materials and processes for Control Owners.
  • Reviews deficiencies identified during audit or internal assessments and collaborates with the IT Risk & Compliance team to develop and execute remediation plans
  • Supports IT policy steering committee with senior level management to develop IT policies, provide guidance, ensure consistency, and facilitate roll out and maintenance of corporate IT policies. 
  • Supports IT GRC steering committee intended to continuously improve controls with senior level management
  • Supports user entitlement reviews using homegrown tools built on Alteryx and Outsystems.
  • Acts as a liaison to internal/external auditors, fulfilling audit requests and coordinating audit activities with IT stakeholders including the integrated audit and facilitation of SOC-1 reviews of Stericycle. 
  • Assist management with remediation plan development, execution and support for control owners
  • Participate in IT SOX walkthroughs to act as a knowledge resource and to gain an understanding of the current processes and controls
  • Maintain status reports and key metrics to support the IT Risk and Compliance function. 
  • Perform other duties and responsibilities, as assigned.


Preferred Education: Bachelor's or Equivalent

Experience (North America):

  • Bachelor's degree in Information Systems, Computer Science, Accounting, Business or related technical discipline (or equivalent)
  • 5+ years of relevant work experience
  • Familiar with leading practice IT controls frameworks and audit methodologies and IT industry standards (e.g., COSO 2013, COBIT, ISO, CMM, ITIL, PCI, NIST, SSAE 18 SOC, etc.)
  • Strong understanding of regulatory concerns especially IT Sarbanes Oxley (IT SOX)
  • Intermediate knowledge of evaluating internal controls, developing recommendations, designing and implementing solutions
  • Previous internal or external audit experience a plus
  • SAP functional knowledge a plus
  • CISA, CISM, CIA, CPA certifications a plus
  • Intermediate to advanced skills and hands-on experience in building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, Access
  • Basic knowledge of project management principles (planning, organizing, and managing assessment process)
  • Strong interpersonal skills with the ability to work effectively in a matrixed organization
  • Ability to work with teams that are geographically distributed and work across different time zones
  • Able to work in a fast-paced environment, both independently and leading a team
  • Ability to manage and collaborate with onshore and offshore cross-functional teams
  • Strong analytical ability, critical thinking, decision making, judgment and problem analysis techniques
  • Excellent communication skills (verbal, written, and listening)
  • Excellent time management, prioritization and multi-tasking skills
  • Directing Others: Is good at establishing clear directions. Sets stretching objectives. Distributes the workload appropriately. Lays out work in a well-planned and organized manner. Maintains two-way dialogue with others on work and results. Brings out the best in people. Is a clear communicator.
  • Managing and Measuring Work: Clearly assigns responsibility for tasks and decisions. Sets clear objectives and measures. Monitors process, progress and results. Designs feedback loops into work.
  • Building Cross-functional Effective Teams: Blends people into teams when needed. Creates strong morale and spirit in his/her team. Shares wins and successes. Fosters open dialogue. Allows people to finish and be responsible for their work, holds people accountable. Defines success in terms of the whole team.
  • Total Work Systems (e.g. TQM/ISO/Lean/Six Sigma): Is dedicated to providing organization or enterprise-wide common systems for designing and measuring work processes. Seeks to reduce variances in organization processes. Delivers the highest-quality products and services which meet the needs and requirements of internal and external customers. Is committed to continuous improvement through empowerment and management by data. Leverages technology to positively impact quality. Is willing to re-engineer processes from scratch. Is open to suggestions and experimentation. Creates a learning environment leading to the most efficient and effective work processes.


Stericycle currently offers its employees the option to participate in a full range of benefits, including a health care program which includes medical, dental, vision and prescription coverage, healthcare and dependent care flexible spending accounts, life and accidental death and dismemberment insurance, an employee assistance program, tuition reimbursement, paid vacation and sick time, a 401(k) plan, and an employee stock purchase plan. Participation in some programs requires that employees be regularly scheduled to work a minimum number of hours and/or to have fulfilled a waiting period after they begin employment with Stericycle.


The above description is meant to provide a summary of the nature and level of work being performed; it should not be construed as an exhaustive list of all responsibilities, duties and requirements of the job.  This document does not create an employment contract, implied or otherwise.  Stericycle will consider requests for workplace accommodations for protected physical or mental limitations in accordance with its human resources policies and local laws.  To the extent permissible under local law, and consistent with business necessity, Stericycle reserves the right to modify the content formally or informally, either verbally or in writing, at any time with or without advance notice.

Nearest Major Market: Chicago