Security GRC IT Controls Analyst

Who We Are 
Bold. Unapologetic. Hardworking. We are building something special.  We transform energy into high-value compute with superior efficiency at scale.  Today that means powering and securing the Bitcoin Network and powering workloads in AI, HPC and other forms of high-value compute. 

Core Scientific is one of the largest bitcoin miners and hosts in North America. Our mission is to accelerate digital innovation by scaling high-value computing rapidly, efficiently, and responsibly. Our proprietary software stack optimizes bitcoin mining, pushes firmware, and monitors all aspects of our operations, ensuring we and our customers generate the highest possible ROI on our hardware investment. 

But what makes us different from others in our industry?  We own and manage our infrastructure.  That puts us in control of our operations and gives us an advantage that translates into higher productivity and efficiency.  It also provides us with the ability to deploy rapidly the innovations developed by our deep-tech team. 

Come join us as we continue our journey and accelerate yours.  We seek smart, creative, collaborative minds, who work hard and fast. 

Intrigued? Then apply and be a part of something truly special at Core Scientific. 

Title 
Security GRC IT Controls Analyst 

Reports To 
Manager, Governance Risk and Compliance (GRC) 

The Job 

We are seeking a detail-oriented and experienced Security GRC IT Controls Analyst to join our team. The ideal candidate will serve a critical role in ensuring the company’s compliance with Sarbanes-Oxley (SOX) and SOC 2 requirements by evaluating, facilitating testing, and leading improvement opportunities associated with IT General Controls (ITGCs). This position involves close collaboration with Security, IT, Finance, and Compliance teams to strengthen the organization’s internal control environment and risk posture. We are looking for candidates who can work 100% remotely within the United States.  

Key Responsibilities 

• IT and Process Compliance Testing: Facilitate ITGC assessments, including testing of access controls, change management, and IT operations, to ensure compliance with SOX and SOC 2 requirements.
• Risk Assessment: Identify and assess IT risks and control design or operating effectiveness gaps in processes, systems, and infrastructure. Propose remediation strategies to address identified risks.
• Control Documentation: Develop and maintain documentation of ITGCs, control matrices, unified control frameworks, risk assessments, and testing methodology.
• Audit Support: Act as a key liaison between internal compliance department, and IT teams to facilitate SOX and SOC 2 testing and address any findings or inquiries.
• Process Improvement: Collaborate with stakeholders to design, implement, and optimize controls and processes to strengthen IT governance.
• Monitoring and Reporting: Track remediation efforts, escalate issues as needed, and report control statuses to management.
• Policy and Procedure Review: Help develop and maintain IT policies, procedures, and standards that align with SOX, SOC 2 and Enterprise Security Compliance objectives.
• Training and Guidance: Guide business teams on SOX and SOC 2 compliance requirements as well as corporate security policies and best practices. 

Qualifications 

• Bachelor’s degree in Information Technology, Accounting, Finance, or a related field.
• Strong analytical skills and ability to dive deep to get to Root Cause.
• Excellent communication and interpersonal skills
• 5-10 years of experience in external audit, internal audit, SOX/SOC 2 compliance, IT audit, IT Security or a related IT governance role.
• Strong understanding of ITGC frameworks and control areas (e.g., access management, change management, backup, recovery, and operations).
• Experience with SOX 404 compliance testing.
• Experience working in a BIG 4 firm leading IT compliance assessment initiatives strongly desired
• Experience managing supply chain risk management programs
• Certifications (preferred): CRISC, CISA, CISSP, CPA, or similar certifications. 
• Perform other duties as assigned. 

Technical Skills: 

• Proficiency in IT systems and/or data center environments
• Familiarity with GRC tools such as Drata, Archer, ServiceNow, or AuditBoard.  
• Strong analytical, problem-solving, and project management skills. 
• Excellent verbal and written communication abilities to effectively collaborate with technical and non-technical stakeholders.
• Detail-oriented with a commitment to delivering high-quality work within deadlines. 
• Experience working with external audit partners  

Location:
This role is a full-time, Monday-Friday position and will operate in a remote office.  

Physical Demands: 
While performing the duties of this job, the employee is frequently required to sit;  
stand; walk; use hands; and lift up to 10 pounds. 

Travel: 
Minimal travel to corporate offices and data centers may be required.