Risk & Compliance Analyst (Information Systems Analyst II Option A)

at Illinois Department of Innovation & Technology in Springfield, Illinois, United States

Job Description

Essential Functions

35%  Under administrative direction, serves as a Risk & Compliance Analyst for the Department of Innovation & Technology (DoIT):

  • Performs complex professional and advisory functions in the Business Alignment Section.
  • Plans, organizes, and performs audit analysis, design analysis, and support of computer-based management information systems to ensure alignment with senior management’s overall goals and objectives.
  • Assists management in defining and documenting the organization's approach to audit, including objectives, scope, and the governance structure.
  • Collaborates with internal auditors and various departments/divisions pertaining to different audits.
  • Conducts internal assessments of existing processes and policies, and recommends updates.
  • Performs technical investigation and research for functions and phases of systems development including systems analysis and design, testing of different technical approaches to solve complex problems, and the re-designing of existing computer systems and business processes, both internally and externally.
  • Consults with agency management on feasibility and effectiveness of alternatives for system changes.
  • Provides analysis of Information Technology concepts, principles, theories and functions of computer systems, and the principles and techniques of information technology documentation.
  • Utilizes system development life cycle (SDLC) processes and methods, procedures, and techniques of conducting feasibility studies for system conversions and enhancements.
  • Utilizes Microsoft Word, Excel, Visio, SharePoint Lists, SharePoint Document Libraries, and National Institute of Standards and Technology (NIST) standards, frameworks, and best practices in the performance of duties.


25%  Conducts IT compliance reviews to provide technical advice regarding recovery planning for assigned systems, including large-scale requests for application development:

  • Reviews existing systems and business processes for external and internal audit reviews to assess the effectiveness of risk management and compliance programs.
  • Identifies potential risks associated with government operations and programs, conducts compliance assessments to evaluate the impact and likelihood of identified risks, and develops and implements strategies to mitigate and manage risks effectively.
  • Develops and updates internal policies and procedures to ensure compliance with regulations and to manage risks.
  • Participates in System and Organization Controls 1 (SOC 1), SOC 2, Social Security Administration (SSA), Criminal Justice Information Services (CJIS), Individual Retirement Account (IRA) and security audits.
  • Communicates and interprets policies to relevant stakeholders to ensure understanding and adherence.
  • Establishes monitoring mechanisms to track compliance with policies and regulations, ensuring that backup systems, redundant infrastructure, and other recovery mechanisms are in place and functioning correctly.
  • Prepares reports on compliance status and risk assessments for management and regulatory authorities.
  • Develops and implements internal control mechanisms to safeguard against non-compliance and mitigate risks.
  • Collaborates with agencies' internal and external auditors and provides accurate and complete audit information to auditors.
  • Participates in governance processes.
  • Participates in enterprise Disaster Recovery (DR) exercises and ensures recovery time objectives (RTO) and recovery point objectives (RPO) for critical systems and data are met.
  • Participates in DR and tabletop exercises and provides reports to senior management and stakeholders.

15%  Conducts extensive compliance reviews of information technology practices and processes:

  • Develops and composes reports of findings, making recommendations to facilitate improvement.
  • Follows up on corrective action plans (CAPs) to ensure successful implementation.


15%  Collaborates with application owners and provides requested information to internal and external auditors:

  • Conducts governance meetings for new applications and shares compliance best practices.
  • Plans, coordinates, and executes DR exercises of large IT systems.


5%  Keeps abreast of new developments in the Information Technology field:

  • Continues education by attending meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
  • Attends demonstrations and exhibitions related to assigned operations.


5%  Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

Job Posting: 11968601

Posted On: Jun 11, 2024

Updated On: Jun 26, 2024