Governance and Compliance Analyst
External | Full-time | Hybrid | 1w ago
AWS, Azure, Classification, Cloud Security, Compliance, Documentation
Responsibilities
Control Testing & Audit (Primary - ~65%)
- Support the assessment, challenge, and testing of the design and operational effectiveness of controls using TR's control framework, working collaboratively with control owners and stakeholders to improve the control testing process, including defining re-test cycles and evidence expected.
- Assist in executing testing plans by communicating requirements to control owners, reviewing evidence submitted, documenting deficiencies found, and supporting the next steps in meeting control requirements.
- Assist in liaising for both external and internal audits; identify procedures and practices that are not compliant with industry frameworks.
- Support stakeholders making changes to address non-compliance issues, and help compile reports on audit results to present to managers & supervisors.
- Work closely with other teams such as ERM, Finance, business and application owners, and third parties or contractors supporting processes to help report and track remediation plans for any control deficiencies identified.
- Build awareness about security risks, best practices and policy/standard requirements that are essential to ensure compliance.
Automation & AI-Enabled Compliance (~35%)
- Contribute to the implementation of automated compliance controls by working with the Automation & AI team, including evidence collection, validation, and reporting capabilities, to optimize workflows.
- Work with internal assessors to identify automation opportunities and assist in the deployment of AI-assisted solutions - covering automated evidence gathering, validation and classification, workflow notifications, and preliminary control effectiveness ratings.
- Help maintain documentation of automation workflows, logic, and validation processes to ensure transparency and auditability; develop awareness of emerging technologies in controls automation and AI.
About you:
Required Qualifications
- Bachelor's degree in IT, Accounting, Finance, Computer Science, or equivalent education and experience.
- 1-3 years of relevant experience in SoX (ITGC), SOC 2, PCI DSS, or ISO frameworks (9001, 27001, 42001, etc.) within internal audit, advisory, consulting, or a Governance & Compliance function - including exposure to control testing or IT-IS assessment work.
- Foundational understanding of control frameworks such as NIST CSF, ISO Frameworks, SOC 2 TSC, and PCI DSS.
- Exposure to working with or alongside internal audit, risk, or compliance teams, including documenting findings and supporting remediation tracking.
- Awareness of common security vulnerabilities in web and cloud environments, drawing on sources such as SANS, OWASP Top 10, and the Cloud Security Alliance (CSA).
- Strong ethical principles and understanding of business and information security ethics.
- Good oral and written communication skills in English; additional fluency in French, Spanish, or another language is an asset.
- Familiarity with GRC platforms such as ServiceNow, ProcessUnity, RSA Archer, MetricStream, or Protecht is an asset.
Requirements
- Progress toward or completion of a professional certification: CISA, CISM, CRISC, CCAK, or ISO 27001 (preferred).
- Exposure to cloud environments and related control testing (AWS, Azure, GCP).
- Familiarity with automation tools or scripting (e.g. Python) in a compliance or audit context.
- Interest in or exposure to AI or generative AI applied to compliance evidence collection or control testing.
What's in it For You?
- Hybrid Work Model: We've adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected.
- Industr
Benefits
Flexible schedule
Additional Information
Are you looking to build your career in IT audit and compliance? We are growing and we are hiring; come join us. In this hybrid role, you will support control testing and audit programs while gaining hands-on exposure to automation and AI-enabled compliance workflows. You will work alongside Senior Analysts, control owners, and the Automation & AI team to help test, evidence, and report on the effectiveness of controls across Thomson Reuters' multi-framework compliance portfolio.