IT Audit & Compliance Analyst
Company: Marcus & Millichap
Location: Portland
Posted on: February 16, 2026
|
|
|
Job Description:
Job Description Job Description We are seeking a mid-level IT
Audit & Compliance Analyst to join our IT organization at a
publicly traded company. This role supports SOX compliance, SOC 2
reporting, and IT risk management, and works closely with Internal
Audit, Finance, and Cybersecurity teams to ensure strong technology
controls and regulatory compliance. This position is ideal for
someone with a solid foundation in IT controls and audits who wants
to deepen their experience across SOX, SOC 2, and cybersecurity
governance. Key Responsibilities SOX & IT Controls Perform and
support SOX IT General Controls (ITGC) testing, including: User
access management Change management System operations and backups
Assist with walkthroughs, risk assessments, and control
documentation Track and support remediation of control deficiencies
Partner with Internal Audit and external auditors during SOX audits
SOC 2 & Third-Party Assurance Support SOC 2 Type I and Type II
readiness and ongoing compliance Maintain control narratives,
evidence, and audit artifacts Coordinate with IT, Engineering, and
Security teams to ensure controls are operating effectively Assist
in responding to customer and vendor security questionnaires
Cybersecurity & Risk Collaboration Work with the Cybersecurity team
on: Security policies and standards Risk assessments and control
alignment (NIST, ISO, etc.) Incident response and access reviews
(governance perspective) Help bridge compliance requirements with
security operations Documentation & Continuous Improvement Maintain
IT policies, procedures, and control documentation Identify
opportunities to improve control design, automation, and audit
efficiency Stay current on regulatory and industry best practices
Required Qualificatons 3–6 years of experience in IT audit, IT
compliance, or technology risk Hands-on experience with SOX ITGCs
Exposure to SOC 1 and/or SOC 2 audits Understanding of core IT
processes (access, change, SDLC, infrastructure) Strong
documentation and communication skills Preferred Qualfications
Experience in a public company environment Familiarity with
cybersecurity frameworks (NIST, ISO 27001, CIS) Experience working
with external auditors or Big 4 firms Certifications or progress
toward: CISA - Required CISM CRISC CISSP (a plus, not required)
What We Offer Exposure to SOX, SOC 2, and cybersecurity governance
Career growth toward Senior IT Auditor, GRC Manager, or Cyber Risk
roles Cross-functional work with IT, Security, Finance, and Audit
teams Competitive compensation and benefits Why This Role Is
Attractive (unspoken but real) Not “pure audit” — includes security
and risk exposure Public company experience (very marketable) Clear
path into senior IT audit, GRC, or cyber risk LI-CT1 We may use
artificial intelligence (AI) tools to support parts of the hiring
process, such as reviewing applications, analyzing resumes, or
assessing responses. These tools assist our recruitment team but do
not replace human judgment. Final hiring decisions are ultimately
made by humans. If you would like more information about how your
data is processed, please contact us.
Keywords: Marcus & Millichap, Beaver Creek , IT Audit & Compliance Analyst, IT / Software / Systems , Portland, Oregon
