Senior analyst - risk and compliance

Company Description

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

Job Description

Digital Technology:

We’re not yesterday’s IT department; we're Digital Technology. The world around us keeps changing, and so do we. We’re redefining what it means to be IT with a mindset centered on transformation, experience, AI-driven automation, innovation, and growth. We’re all about delivering delightful, secure customer and employee experiences that accelerate ServiceNow’s journey to become the defining enterprise software company of the 21st century. And we love co-creating, using, and highlighting our own products to do it.

Ultimately, we strive to make the world work better for our employees and customers—when you work in ServiceNow Digital Technology, you work for them.

What You’ll Do In This Role

• Support the design, implementation, and monitoring of SOX IT General Controls (ITGCs) across applications, databases, operating systems, and cloud infrastructure
• Partner with IT and business teams to ensure access management, change management, and IT operations controls are designed and operating effectively
• Assist in scoping SOX systems (in-scope applications, key reports, interfaces, and spreadsheets) based on risk assessments and materiality
• Prepare and maintain process documentation, narratives, RCMs (Risk & Control Matrices), and testing evidence aligned to SOX requirements
• Execute control testing procedures (design and operating effectiveness) and identify control gaps or exceptions, ensuring remediation plans are tracked and completed
• Collaborate with internal stakeholders during external audit walkthroughs and evidence requests, ensuring timely and accurate responses
• Contribute to automation of control testing and evidence collection by working with engineering and GRC tooling teams
• Stay up to date on emerging SOX, PCAOB, and IT compliance requirements to ensure controls align with evolving regulations
• Drive process improvements by recommending standardization, rationalization, and automation of compliance activities
• Support new system implementations or migrations (ERP, SaaS apps, cloud platforms) by ensuring SOX controls are embedded in the design and go-live phases
  
  

Qualifications

To be successful in this role, you have:

• 3 - 5 years of experience in IT Audit, IT Compliance, or Risk Management with a strong focus on SOX 404 ITGCs
• Deep knowledge of access controls (UAR, SOD, privileged access), change management, and IT operations controls within ITGC scope
• Hands-on experience with SOX testing methodologies (walkthroughs, sampling, evidence validation, re-performance)
• Familiarity with regulatory and audit standards such as PCAOB, COSO, COBIT
• Strong understanding of cloud/SaaS environments (AWS, Azure, GCP, Workday, SAP, Oracle, Salesforce, etc.) and their SOX implications
• Experience with audit and compliance tools (e.g., ServiceNow IRM, SAP GRC)
• Strong analysis and problem-solving skills, with the ability to identify control deficiencies and propose remediation plans
• Effective communicator — able to draft clear narratives, RCMs, and walkthrough materials, and interface with auditors and control owners
  
  

Preferred Skills

• Certifications in CISA, CIA, CPA, CISSP, or equivalent experience are preferred
• Prior experience at a public company subject to SOX for SaaS or cloud-first environment
  
  

FD21

For positions in this location, we offer a base pay of $112,800 - $191,800, plus equity (when applicable), variable/incentive compensation, and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location.

Additional Information

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance.

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.

From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.