Sr Governance and Compliance Analyst
External | Full-time | Hybrid | 1w ago
AWS, Azure, Classification, Cloud Security, Compliance, Documentation
Responsibilities
- Control Testing & Audit (Primary - ~65%)
  - Assess, challenge, and test the design and operational effectiveness of controls using TR's control framework by working collaboratively with control owners and stakeholders to improve the control testing process, including defining re-test cycles and evidence expected.
  - Execute a testing plan by communicating requirements to control owners, reviewing evidence submitted, agreeing on deficiencies found and finalizing the next steps in meeting control requirements.
  - Oversee and act as a liaison for both external and internal audits; identify procedures and practices that are not compliant with industry frameworks.
  - Recommend and support stakeholders making changes to address non-compliance issues, and compile reports on audit results to present to managers & supervisors.
  - Work closely with other teams such as ERM, Finance, business and application owners, and third parties or contractors supporting processes, to report and track remediation plans for any control deficiencies identified.
  - Ensure awareness of security risks, best practices and policy/standard requirements, which is essential to compliance.
- Automation & AI-Enabled Compliance (~35%)
  - Contribute to the implementation and continuous improvement of automated compliance controls by working with the Automation & AI team, including evidence collection, validation, and reporting capabilities, to optimize workflows.
  - Collaborate with internal assessors to identify automation opportunities and support the design and deployment of AI-assisted solutions, covering automated evidence gathering, validation and classification, workflow notifications, and preliminary control effectiveness ratings.
  - Maintain documentation of automation workflows, logic, and validation processes to ensure transparency and auditability; stay current with emerging technologies in controls automation and AI to inform team strategy and innovation.
About you
You are a fit for this role if your background includes:
Required Qualifications
- Bachelor's degree in IT, Accounting, Finance, Computer Science, or equivalent education and experience.
- 4+ years of relevant experience in SoX (ITGC), SOC 2, PCI DSS, ISO (9001, 27001, 42001, etc.) within internal audit, Big 4/5 advisory, consulting, or a Governance & Compliance function - including direct control testing or Line 1a/1b IT-IS assessment work.
- Strong understanding of control frameworks such as NIST CSF, ISO Frameworks, SOC2 TSC, and PCI DSS; familiarity with NIS2/CRA is an asset.
- Experience working with or alongside internal audit, risk, or compliance teams, including reporting and tracking remediation plans.
- Awareness of common security vulnerabilities in web and cloud environments, drawing on sources such as SANS, OWASP Top 10, and the Cloud Security Alliance (CSA).
- Strong ethical principles and understanding of business and information security ethics.
- Excellent oral and written communication skills in English; additional fluency in French, Spanish, or another language is an asset.
- Familiarity with GRC platforms such as ServiceNow, ProcessUnity, RSA Archer, MetricStream, or Protecht.
Requirements
- One or more professional certifications: CISA, CISSP, CISM, CRISC, CCAK, or ISO 27001 Lead Auditor/Implementer (strongly preferred).
- Hands-on experience testing cloud controls and related technologies (AWS, Azure, GCP).
- Exposure to automation tools, Python scripting, or AI/LLM-assisted workflows in a compliance or audit context.
- Experience with AI, or generative AI applied to compliance evidence collection or control testing.
- Knowledge of data governance, privacy, and ethical automation principles.
- Willingness and drive to learn continuously and approach technological and process change with openness.
What's in it For You?
- Hybrid Work Model: We've adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected.
Benefits
Flexible schedule
Additional Information
We are growing and looking for experienced compliance and audit professionals who also embrace technology-driven ways of working. In this hybrid role, you will lead control testing and audit programs while actively contributing to the automation and AI-enabled optimization of compliance workflows. You will partner with control owners, external auditors, and the Automation & AI team to improve how we test, evidence, and report on the effectiveness of controls across Thomson Reuters' multi-framework compliance portfolio.