IT Senior Analyst en Hillwood

Company Overview:

Hillwood, a Perot Company, is a premier real estate investment and development company founded on a culture of integrity, respect, excellence and teamwork. The company is a full-service real estate developer, investor and advisor focused on developing opportunities for investors, partners and communities around the world. See additional details at www.hillwood.com.

Position Summary:

Hillwood is seeking an experienced and strategic Senior IT Audit and Compliance Analyst to join our IT Security and Risk team in Dallas, TX. This role serves as a critical bridge between cybersecurity risk management and ITGC audit coordination, ensuring the organization maintains compliance with regulatory frameworks while proactively identifying and mitigating cyber risks. The Senior IT Audit and Compliance Analyst will lead efforts to streamline audit readiness, enhance control effectiveness, and support enterprise-wide risk initiatives. This position requires a strong understanding of IT governance, exceptional analytical and communication skills, and the ability to collaborate effectively with both technical teams and business stakeholders. As a key liaison with third-party auditors and internal leadership, the selected individual will play a vital role in safeguarding the organization’s operational integrity and regulatory posture.

Responsibilities:

Risk Management and Strategy:

• Assess and prioritize cybersecurity risks across critical business systems and processes.
• Align cybersecurity risk management strategies with organizational goals and business objectives.
• Evaluate the cost-effectiveness of security controls and recommend optimized risk mitigation strategies.
• Explore and implement risk transfer mechanisms such as cybersecurity insurance.
• Conduct security reviews and identify gaps in security architecture, recommending mitigation strategies.
• Build and manage remediation plans for risks identified during assessments, audits, and inspections.

Audit and Compliance Coordination:

• Collect, organize, and validate ITGC evidence across infrastructure and applications (e.g., Active Directory, SQL, JDE).
• Prepare and manage audit evidence packages for internal and external audits.
• Track audit timelines and ensure timely delivery of required documentation.
• Maintain audit logs, control matrices, and centralized evidence repositories.
• Coordinate with system owners and administrators to retrieve and verify access control data.
• Serve as the primary point of contact for third-party auditors and internal stakeholders.
• Review authorization and assurance documents to confirm acceptable risk levels for systems and applications.
• Perform risk analysis when systems undergo major changes.

Policy and Governance Support:

• Review internal cybersecurity policies and procedures annually to ensure alignment with regulatory standards.
• Ensure implementation and functionality of security requirements and IT policies consistent with organizational goals.
• Provide subject matter expertise to internal risk and compliance departments.
• Support third-party risk management efforts and ensure compliance with applicable regulations and policies.

Required Skills and Abilities:

• Strong analytical and problem-solving skills with the ability to interpret audit findings and develop remediation strategies.
• Excellent organizational and communication skills, with the ability to manage multiple priorities.
• Ability to collaborate effectively with cross-functional teams including IT, HR, Finance, and Legal.
• Ability to communicate business risk and mitigation strategies to stakeholders.
• Understanding of access provisioning and deprovisioning workflows.
• Knowledge of regulatory frameworks and standards (e.g., SOX, NIST RMF, ISO 27000, COBIT).

Education & Experience:

• Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
• CISA, CRISC, CISSP, or CISM certifications are a plus.
• 5+ years of experience in IT audit, cybersecurity risk management, or enterprise risk management.
• Experience working with GRC platforms (e.g., ServiceNow IRM) and enterprise systems (e.g., Active Directory, SQL, JDE).
• Experience with regulatory compliance and risk management frameworks (e.g., NIST CSF, ISO 27005).

EEO Statement:

 Hillwood is committed to providing Equal Opportunity in Employment, to all applicants and employees regardless of race, color, religion, gender, age, national origin, military status, veteran status, handicap, physical or mental disability, sexual orientation, gender identity, genetic information or any other characteristic protected by law.

#CORP