Job Description for IT Analyst (IT Security – Compliance)

Experience: 3–5 years’
Team: TSV IT Security, TIPL
Reporting: IT Security Manager (ITRM)
Travel: Yes

Textron Inc. (NYSE: TXT) is not only one of the world's best-known multi-industry companies, but also a pioneer of the diversified business model. Founded in 1923, we have grown into a network of businesses with total revenues of $12 billion, and approximately 33,000 employees with facilities and presence in 25 countries, serving a diverse and global customer base. Headquartered in Providence, Rhode Island, U.S.A., Textron is ranked 236 on the FORTUNE 500 list of largest U.S. companies. Organizationally, Textron consists of numerous subsidiaries and operating divisions, which are responsible for the day-to-day operation of their businesses. For more information, please visit www.textron.com 

Textron India Private Limited in Bangalore was incorporated in 2004 under the Companies Act, 1956, to better serve our customers around the world. This is a global resource that provides engineering and technological solutions for many Textron business units. For more information, please visit www.textron.in 

POSITION SUMMARY

Incumbent will join Textron Specialized Vehicles’ IT Security team to support the IT compliance program for TIPL and TSV. The role focuses on SOX compliance, IT General Controls (ITGC) execution, internal controls reviews, risk assessments, and audit support (internal and external audits). The analyst will coordinate evidence collection, perform control testing, track remediation, and help maintain compliance with Textron Security Policy and ITRM standards. The role collaborates closely with technical and business teams on access governance, vulnerability governance, and policy exceptions.

Job Overview

We are seeking a detail‑oriented IT Security Compliance Analyst with 3–5 years of experience to plan, execute, and continuously improve our audit and compliance activities. The analyst will coordinate external audits and internal reviews end‑to‑end; perform ITGC walkthroughs and testing; manage SOX control cycles; conduct User Access Reviews (UARs) and Segregation of Duties (SoD) checks; run risk assessments across projects and third parties; and maintain year‑round compliance tracking. Strong documentation discipline, stakeholder coordination, and clear communication are essential.

Key Responsibilities

Audit Support (External & Internal)

• Act as day‑to‑day coordinator for external audits and internal audits; manage PBC lists, schedule walkthroughs, and ensure on‑time, complete evidence submissions.
• Prepare narratives, flowcharts, control matrices; facilitate control owner interviews; validate scope, population, and samples.
• Maintain an organized audit evidence repository with traceability from request → evidence → conclusion.

SOX & IT General Controls (ITGC)

• Execute/coordinate design & operating effectiveness testing for Access to Programs & Data, Change Management, and IT Operations controls across in‑scope systems (AD, SAP/Oracle/critical applications, ServiceNow, etc.).
• Document test steps, samples, results, and exceptions; propose mitigating controls where gaps exist and track remediation and re-testing to prevent repeat findings.

Risk Assessments (Varied)

• Perform and coordinate External/Third‑Party Risk Assessments (SaaS/hosting), reviewing SOC 1/2, bridge letters, and user control considerations.
• Conduct Application/Project Risk Assessments for new/changed systems; capture data classification, control requirements, and residual risk.
• Support Change/Implementation Risk Assessments for significant releases or infrastructure changes.
• Facilitate Data Protection/Privacy impact checks where applicable (e.g., handling of personal or sensitive data).
• Summarize risk ratings, treatment plans, and due dates; track closure through to sign‑off.

Access Governance & Segregation of duties (SoD)

• Run periodic UARs; verify least privilege and timely removals for movers/leavers.
• Execute SoD analysis; partner with application/security teams to remediate toxic combinations or document compensating controls.
• Review joiner/mover/leaver controls and access activity.

Policies, Standards & Internal Controls

• Map local procedures to Textron Security Policy/ITRM standards; maintain control procedures, RACIs, and evidence templates.
• Draft/refresh SOPs for evidence collection, control performance, population/sampling, exception handling, and retention.

Year‑Round Compliance Tracking

• Own/maintain the annual compliance calendar (control performance cadence, audit windows, quarterly SOX testing, year‑end testing, remediation checkpoints).
• Track and report KPIs/KRIs: UAR completion, SoD findings aging, audit request cycle times, ServiceNow tickets, ITGC exceptions, risk assessment turnaround, vulnerability SLA adherence (compliance lens).
• Publish monthly scorecards and facilitate reviews with control owners and leadership; drive continuous improvement initiatives.

Vulnerability / Endpoint Governance (Compliance Lens)

• Monitor compliance SLA adherence and exception status; partner with platform teams to ensure closure or formally logged/timed exceptions.

Training & Enablement

• Provide enablement to control owners: checklists, sampling guides, labeling/retention standards, and “good evidence” examples.
• Contribute to awareness on SOX/ITGC expectations and audit readiness.

Qualifications and Key Skills

• Bachelor’s in Computer science, Information Systems, Cybersecurity, or related field.
• 3–5 years in IT compliance, IT audit, or security governance within enterprise environments.
• Hands‑on with SOX/ITGC (Access, Change, Operations), audit walkthroughs, sampling, UARs/SoD, and evidence preparation.
• Familiarity with frameworks/standards: SOX, NIST 800-171, SOC 1/2 reviews; working knowledge of CIS Controls preferred.
• Tooling familiarity (any subset): Active Directory, SAP Security/GRC, Oracle EBS security, ServiceNow, ticketing/approval workflows, Excel/Power BI, SharePoint/OneDrive.
• Strong documentation, analytical, and stakeholder communication skills (IT, business, auditors).
• Preferred certifications: CISA / Security+ / CISM / CIA are plus.

• Additional Competencies

• Ability to multi‑task and prioritize across audit cycles and control operations.
• Flexible to support time‑zone differences and audit timelines; quick to learn new systems.
• Excellent troubleshooting and follow‑through; delivers on commitments.
• Strong listening/influencing skills; customer‑focused and collaborative.
• Comfortable working through ambiguity and shifting priorities while maintaining compliance rigor.
• Clear interpersonal/communication skills to define requirements with business partners and articulate control expectations.