IT Grc Analyst

**Job description**

**A Brief Summary of This Position**:
The incumbent will be a vital force in our IT Governance, Risk & Compliance (GRC) program within the CIO's organization. Your key responsibilities will include driving global risk and compliance initiatives, specifically focusing on designing, evaluating, and managing client’s Third-Party Vendor Risk Management (TPRM) program. You will also conduct risk assessments, identify control gaps, recommend remediation plans, and monitor risk compliance. You will also closely coordinate with key stakeholders such as IT functional leaders and internal and external auditors. A profound understanding of key IT risks, the ability to assess control design and effectiveness, and the capacity to influence IT teams toward successful risk mitigation will be essential in your role.

Moreover, you'll oversee corporate IT controls and manage the risk register, significantly ensuring our IT operations' security. Your role is instrumental in streamlining our compliance procedures, reinforcing our risk management, and enhancing our IT security, which is critical to maintaining company’s robust, secure, and compliant operations.

**Essential Functions**:

- This position reports to IT GRC Manager and has no direct or indirect reports.
- IT Risk Management: Maintains Risk inventory to track identified IT issues and risks, including risk acceptances or risk remediation plans that address each risk. Provides governance, oversight, and reporting on issues and risks.
- Business Continuity / Disaster Recovery: Develops, implements, maintains, and tests the Corporate Business Continuity program. Identifies, documents, and tests the business requirements for uptime against the infrastructure capabilities to implement appropriate recovery strategies and identify gaps/risks.
- Lead collaboration efforts with IT value stream owners to define and implement effective control activities, processes and standards and document supporting policies and procedures
- Consultation and assistance to IT Risk & Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) as appropriate
- Lead the planning, scoping, execution, and documentation of risk management activities in areas associated with technology and technology-related risks (e.g., cybersecurity)
- Collaborate and educate Risk & Control Owners on all relevant requirements for self-assessment and compliance reviews
- Provide actionable, technical advice to engineers to address and treat identified risks (including for cloud environments).
- Work with internal teams to understand their business processes, how they manage risks, respond / advise on their compliance needs and concerns and remediate new and outstanding issues
- Identify, validate, and assess security risks; develop, socialize, and guide engineering teams through risk treatment plans
- Collaborate across teams fostering engagement and building relationships - while acting as an analyst and compliance advisor
- Preferred Bachelor’s in relevant field or Associates Degree with 3+ years relevant experience or 5+ years relevant experience
- Possess an understanding of security management and/or information risk and compliance processes and industry frameworks (ISO27001, NIST, COBIT)
- Experience performing cyber security risk assessment, business impact analysis, planning and reporting
- Possesses foundational understanding of Risk Management concepts and principles.
- Experience developing, implementing, and deploying IT risk management processes.
- Knowledge of the policies, procedures and processes that govern an IT organization
- Possesses foundational understanding of IT Concepts and principles.
- Strong computer skills, including proficiency with MS Office suite, advanced Excel macros, data reformatting from multiple sources, GRC tools, OneTrust, AuditBoard, MS SharePoint, OS365, Power Aps and Power BI
- Must be available for U.S. and international time zone meetings.
- Flexible/remote schedule, however, must be able to work in the office on occasion.
- Travel up to 10% (domestic and international), including overnight stays.
- High level of initiative and self-motivation
- Excellent written and verbal communication skills
- Problem-solving, critical thinking, and analytical ability
- Ability to work independently and as a part of a team in a fast-paced, dynamic environment.
- Bachelor’s or Master’s degree in computer science, Computer Engineering, Information Systems, or related field
- Six years of experience in information security risk and compliance with a broad knowledge of network, desktop and distributed server hardware and software solutions
- Industry certifications (e.g., CRISC, CISA, ITIL) is a plus
- Must be able to work effectively with people at all levels, solve personal conflicts, understand and