Sr IT Governance Risk and Controls Analyst

Sr IT Governance Risk and Controls Analyst

Join Refresco as a Senior IT Governance, Risk, and Controls Analyst and contribute to our global beverage solutions business.

Summary

Description:

This role is responsible for maintaining and improving our IT governance, risk, and compliance (GRC) program, with a focus on SOX compliance, application and data transfer controls, validating the completeness and accuracy of reports, third‑party risk management, and disaster recovery.

• Conduct comprehensive IT risk assessments, including identifying and analyzing potential threats and vulnerabilities across applications, infrastructure, and data.
• Develop and maintain risk registers documenting identified risks, their potential impact, and mitigation strategies.
• Collaborate with IT and business stakeholders to prioritize and remediate identified risks.
• Assess the impact of IT changes on policies, risks, controls, and governance processes (including disaster recovery and RCM).
• Maintain and update the Risk and Control Matrix.
• Evaluate the design and monitor the execution of management’s SOX controls.
• Participate in business process walkthroughs to identify application controls, reports, and ITGC dependencies/risks.
• Review SOC reports and map control deficiencies to relevant IT risks.
• Ensure all control evidence of operating effectiveness is maintained timely and manage the development, reporting, and completion of remediation plans.
• Identify and evaluate application controls, interfaces/batch jobs, and reports key to supporting SOX business processes.
• Evaluate the design and effectiveness of controls intended to mitigate data transfer errors and incompleteness.
• Evaluate the design and accuracy of reports used for key controls.
• Support the implementation of a third‑party risk management program and monitor associated risks.
• Develop, maintain, and test the IT disaster recovery plan and manage audit requests by third parties.
• Perform cyber security posture evaluations and design strategies to assess the ICFR impact of incidents.
• Draft disclosures regarding cyber security posture, incidents, and responses as necessary.
• Ensure compliance with relevant regulations and industry standards (e.g., SOX, NIST) and assist with internal and external audits.

• Advanced knowledge of SOX controls and compliance; experience implementing or improving SOX.
• Strong drive, organizational skills, and project/program management experience.
• Ability to proactively manage diverse stakeholder groups.
• Excellent accounting, analytical, interpersonal, and communication skills.
• Technical expertise in ERP system design and operation.
• In‑depth knowledge of IT governance frameworks (COBIT, ITIL) and risk management methodologies.
• Strong understanding of SOX requirements and IT general controls (ITGCs).
• Problem‑solving, results‑oriented mindset with prioritization skills.
• Experience evaluating and governing SAP ITGCs.

• Undergraduate degree in Accounting, Information Technology, Computer Science, or a related technical field.
• CPA, CIA, CISA, or CRISC designation required (two or more preferred).
• 3+ years relevant work experience in public accounting or 4+ years in industry.
• 2+ years working with SOX in the IT domain for a company listed on a US market.

• Medical, Dental, and Vision Insurance
• Health Savings Accounts (HSA) and Flexible Spending Accounts (FSA)
• Life and AD&D Insurance, Critical Illness, Hospital Indemnity, and Accident Insurance
• Short‑term and Long‑term Disability Insurance
• Pet Insurance
• Legal Benefits
• 401(k) Savings Plan with Company Match
• 12 Paid Holidays
• Vacation Days and Paid Sick Time Off
• Well‑being Benefit
• Discount and Total Reward Programs

Mid‑Senior Level

Full‑time

Information Technology

Food and Beverage Services

Equal Opportunity Employer. Refresco Beverages US Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity, gender expression, veteran status, or any other classification protected by federal, state, or local law.