**IT Analyst** **Description** Job Description for **IT Analyst** \(IT Security – Compliance\) **Experience:** 3–5 years’ **Team:** TSV IT Security, TIPL **Reporting:** IT Security Manager \(ITRM\) **Travel:** Yes Textron Inc\. \(NYSE: TXT\) is not only one of the world's best\-known multi\-industry companies, but also a pioneer of the diversified business model\. Founded in 1923, we have grown into a network of businesses with total revenues of $12 billion, and approximately 33,000 employees with facilities and presence in 25 countries, serving a diverse and global customer base\. Headquartered in Providence, Rhode Island, U\.S\.A\., Textron is ranked 236 on the FORTUNE 500 list of largest U\.S\. companies\. Organizationally, Textron consists of numerous subsidiaries and operating divisions, which are responsible for the day\-to\-day operation of their businesses\. For more information, please visit www\.textron\.com  Textron India Private Limited in Bangalore was incorporated in 2004 under the Companies Act, 1956, to better serve our customers around the world\. This is a global resource that provides engineering and technological solutions for many Textron business units\. For more information, please visit www\.textron\.in  - - - **POSITION SUMMARY** Incumbent will join Textron Specialized Vehicles’ IT Security team to **support the IT compliance program** for TIPL and TSV\. The role focuses on **SOX compliance** , **IT General Controls \(ITGC\)** execution, **internal controls reviews** , **risk assessments** , and **audit support** \(internal and external audits\)\. The analyst will coordinate evidence collection, perform control testing, track remediation, and help maintain compliance with Textron Security Policy and ITRM standards\. The role collaborates closely with technical and business teams on access governance, vulnerability governance, and policy exceptions\. **Job Overview** We are seeking a detail‑oriented **IT Security Compliance Analyst** with 3–5 years of experience to plan, execute, and continuously improve our audit and compliance activities\. The analyst will coordinate **external audits** and internal reviews end‑to‑end; perform **ITGC walkthroughs and testing** ; manage **SOX** control cycles; conduct **User Access Reviews \(UARs\)** and **Segregation of Duties \(SoD\)** checks; run **risk assessments** across projects and third parties; and maintain **year‑round compliance tracking** \. Strong documentation discipline, stakeholder coordination, and clear communication are essential\. - - - **Key Responsibilities** **Audit Support \(External & Internal\)** Act as day‑to‑day coordinator for **external audits** and internal audits; manage PBC lists, schedule walkthroughs, and ensure **on‑time, complete** evidence submissions\.Prepare narratives, flowcharts, control matrices; facilitate control owner interviews; validate scope, population, and samples\.Maintain an organized **audit evidence repository** with traceability from request → evidence → conclusion\. **SOX & IT General Controls \(ITGC\)** Execute/coordinate design & operating effectiveness testing for **Access to Programs & Data** , **Change Management** , and **IT Operations** controls across in‑scope systems \(AD, SAP/Oracle/critical applications, ServiceNow, etc\.\)\.Document test steps, samples, results, and exceptions; propose **mitigating controls** where gaps exist and track **remediation and re\-testing** to prevent repeat findings\. **Risk Assessments \(Varied\)** Perform and coordinate **External/Third‑Party Risk Assessments \(SaaS/hosting\)** , reviewing SOC 1/2, bridge letters, and user control considerations\.Conduct **Application/Project Risk Assessments** for new/changed systems; capture data classification, control requirements, and residual risk\.Support **Change/Implementation Risk Assessments** for significant releases or infrastructure changes\.Facilitate **Data Protection/Privacy impact checks** where applicable \(e\.g\., handling of personal or sensitive data\)\.Summarize risk ratings, **treatment plans** , and due dates; track closure through to sign‑off\. **Access Governance & Segregation of duties \(SoD\)** Run periodic **UARs** ; verify least privilege and timely removals for movers/leavers\.Execute **SoD analysis** ; partner with application/security teams to remediate toxic combinations or document **compensating controls** \.Review joiner/mover/leaver controls and **access** activity\. **Policies, Standards & Internal Controls** Map local procedures to Textron Security Policy/ITRM standards; maintain **control procedures** , RACIs, and **evidence templates** \.Draft/refresh SOPs for evidence collection, control performance, population/sampling, exception handling, and retention\. **Year‑Round Compliance Tracking** Own/maintain the **annual compliance calendar** \(control performance cadence, audit windows, quarterly SOX testing, year‑end testing, remediation checkpoints\)\.Track and report **KPIs/KRIs** : UAR completion, SoD findings aging, audit request cycle times, ServiceNow tickets, ITGC exceptions, risk assessment turnaround, vulnerability SLA adherence \(compliance lens\)\.Publish **monthly scorecards** and facilitate reviews with control owners and leadership; drive continuous improvement initiatives\. **Vulnerability / Endpoint Governance \(Compliance Lens\)** Monitor compliance **SLA adherence** and exception status; partner with platform teams to ensure closure or formally logged/timed exceptions\. **Training & Enablement** Provide **enablement** to control owners: checklists, sampling guides, labeling/retention standards, and “good evidence” examples\.Contribute to awareness on SOX/ITGC expectations and audit readiness\. **Qualifications** **Qualifications and Key Skills** **Bachelor’s** in Computer science, Information Systems, Cybersecurity, or related field\. **3–5 years** in IT compliance, IT audit, or security governance within enterprise environments\.Hands‑on with **SOX/ITGC** \(Access, Change, Operations\), audit walkthroughs, sampling, **UARs/SoD** , and evidence preparation\.Familiarity with frameworks/standards: **SOX** , **NIST 800\-171** , **SOC 1/2** reviews; working knowledge of **CIS Controls** preferred\.Tooling familiarity \(any subset\): Active Directory, SAP Security/GRC, Oracle EBS security, ServiceNow, ticketing/approval workflows, Excel/Power BI, SharePoint/OneDrive\.Strong **documentation** , analytical, and stakeholder communication skills \(IT, business, auditors\)\. **Preferred certifications:** CISA / Security / CISM / CIA are plus\. + **Additional Competencies** Ability to **multi‑task and prioritize** across audit cycles and control operations\.Flexible to support time‑zone differences and audit timelines; quick to learn new systems\.Excellent **troubleshooting** and follow‑through; delivers on commitments\.Strong **listening/influencing** skills; customer‑focused and collaborative\.Comfortable working through **ambiguity** and shifting priorities while maintaining compliance rigor\.Clear **interpersonal/communication** skills to define requirements with business partners and articulate control expectations\. **Recruiting Company:** Textron India PVT Limited **Primary Location:** India-KA-Bengaluru **Job Function:** Information Technology **Schedule:** Full-time **Job Level:** Individual Contributor **Job Type:** Standard **Shift:** First Shift **Job Posting:** 01/21/2026, 2:02:10 AM **Job Number:** 338807