IT Assurance and Compliance Analyst

About the role

CACI is seeking an experienced Cyber Risk and IT Compliance professional to join our IT Assurance and Compliance Team within the Office of Enterprise Services. As an Information Assurance and Compliance Analyst, you will play a key role in supporting the organization's compliance posture by assessing internal controls, validating adherence to regulatory and policy requirements, coordinating audits, and driving remediation activities with technical teams across multiple compliance frameworks (including SOX, ISO 27001, and NIST 800 171). The analyst partners closely with cybersecurity, infrastructure, applications, and leadership teams to ensure that technology processes meet both internal and external standards.

Responsibilities

• Coordinate, facilitate, and support IT SOX compliance activities as the primary focus of the role, including walkthroughs, evidence collection, ITGC testing support, remediation tracking, and audit readiness.
• Support internal and external IT SOX audits, ISO 27001 internal assessments, and special audits, as well as third‑ party compliance assessments for IT ‑ relevant services (e.g., NIST SP 800 ‑
• 171, CMMC) as needed.
• Monitor remediation and corrective action plans across Corporate and program enclaves, ensuring timely and complete resolution of SOX findings and broader compliance issues.
• Develop, maintain, and improve compliance documentation and guidance, including system security plans, policies, procedures, and control libraries.
• Communicate and collaborate with IT teams to strengthen SOX control performance, improve security compliance, and support a consistent, well‑governed control environment.
• Build and maintain strong working relationships across IT, cybersecurity, infrastructure, and business stakeholders at all organizational levels.
• Assist with IT compliance and assurance special projects as required, including process maturity initiatives and control automation efforts.
• Research and stay current on evolving IT regulatory requirements-particularly SOX and SEC requirements-while gaining exposure to cybersecurity frameworks (NIST 800 ‑X), DFARS, and CMMC regulations.
• Maintain a continuous learning mindset as technologies, regulations, and compliance frameworks evolve.

Requirements

• Required:
• Develop, maintain, and improve compliance documentation and guidance, including system security plans, policies, procedures, and control libraries.
• Communicate and collaborate with IT teams to strengthen SOX control performance, improve security compliance, and support a consistent, well
• Bachelor's degree in Auditing, Management Information Systems, Information Assurance, Cybersecurity or related area.
• 2+ years of Information Technology Auditing or Consulting work experience.
• Experience leading, coaching and training others as a team leader, or formal supervisor experience.
• Experience with Sarbanes Oxley (SOX), COSO, CoBIT, DFARS 252.204-7012, ISO 27001, and NIST SP800-171.
• Experience leveraging auditing principles and methods to evaluate policies, processes, and systems to identify risks and control gaps.
• Experience documenting, understanding, and evaluating IT governance and risk management concepts and IT general controls and practices, such as IT infrastructure, cybersecurity, change management, and application control processes.
• Ability to identify risks and propose feasible and effective solutions, and document and communicate findings and recommendations to management.
• Clear articulation and exceptional written and verbal communication skills.
• Strong people skills and ability to work collaboratively and cooperatively with external auditors/assessors and employees irrespective of their status in the organization.
• Strong organizational and project management skills, including ability to multi-task with shifting deadlines.
• Ability to work independently, with minimal direction in a complex environment.
• Desired:
• CIA, CISA, CRISC, ISO 27001 and other certifications
• Experience in a regulated industry such as Government Contracting
• Experience supporting IT SOX programs end to end (walkthroughs, testing coordination, evidence requests, deficiency analysis, remediation validation).
• Experience using ServiceNow IRM or compliance management
• -
• What You Can Expect:
• A culture of integrity.
• At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose - to ensure the safety of our nation.
• An environment of trust.
• CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy t

Additional Information

Job Title: IT Assurance and Compliance Analyst Job Category: Information Technology Time Type: Full time Minimum Clearance Required to Start: None Employee Type: Regular Percentage of Travel Required: Up to 10% Type of Travel: Continental US * * *

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at CACI? Share your experience