IT GRC Analyst

Job Summary

The GRC analyst is responsible for creating and managing governance, risk, and compliance processes within the information technology (IT) organization. This role will partner with various stakeholders to assist in various information and technology risk remediation activities, such as audit coordination and remediation, control identification and monitoring implementation, business continuity and disaster recovery coordination activities, and assisting in developing relevant policies and procedures

Duties and Responsibilities

• Identify, document, and implement monitoring on controls within the IT organization in alignment with applicable control frameworks
• Work with corporate legal and compliance representatives to identify and catalog all related IT compliance requirements (i.e., security, user access, privacy, data integrity, etc.) associated with the laws and regulations within all relevant jurisdictions
• Assist with the coordination of audit-related tasks, including assisting the IT organization in preparation for internal audits, coordinating and documenting remediation activities, and gathering applicable evidence
• Work with business units to identify and implement business continuity and business resiliency-related improvements
• Partner with IT stakeholders to drive improvements to the company’s disaster recovery program to ensure alignment with business requirements
• Identify, develop, and deliver training addressing current security trends that drives improvement in the security awareness across the organization.
• Develop and report on metrics and performance indicators relating to the performance of the organization’s overall governance, risk, and compliance efforts
• Work with the vendor management office to perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship

Experience and Education Requirements

• Bachelor's degree in a relevant field such as business, information technology, information security, or equivalent experience
• 1-3 years of experience working in GRC or a related field including experience working with GRC tools and technologies
• Experience executing IT General Controls including IT Change Management and Logical Access preferred
• Experience working within an IT organization in the financial services industry preferred
• Professional certifications such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or similar are preferred

Knowledge, Skills & Abilities

• Awareness of Information Security, compliance, and/or other security standard methodologies and principles
• Familiarity with security data analysis, including UEBA, using analytic tools such as Excel, SQL, SOAR, SIEM tools, and other query languages
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• Dedicated work ethic
• Strong work prioritization and planning skills
• Strong troubleshooting and problem-solving skills
• Strong interpersonal communication skills, written and verbal

Other Requirements

• Perform other functions, duties and projects as assigned
• Regular and punctual attendance
• Some travel required (less than 10%)

#LI-Remote #LI-MB1