Governance, Risk, Compliance (GRC) Analyst Job ID: 2024-5188 Category: Information Technology Type: Full-Time Workplace policy: Hybrid Overview The GRC Analyst is responsible for assessing and documenting the Bank's compliance and risk posture as they relate to IT's information assets. The purpose of this position is to provide highly skilled technical and information security expertise for the development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis, audit and compliance support, standards and testing, risk assessment, awareness and education, and development of policies, standards, and guidelines. Principal Duties&Responsibilities: Assist in conducting gap analysis and communicate results, and provide support in implementing frameworks and standards changes to NIST, SOX, and GLBA controls. Monitor compliance with industry and government rules and regulations, interpret impact, and support in the development or revision of policies, standards, and processes to meet regulatory standards applicable to the business. Support in conducting business operations and assist in the technical implementation and maintenance of the IT GRC tool, following industry knowledge and experience to ensure best practices are followed. Work collaboratively with key stakeholders in the business to identify, assess, aggregate, and document risks and controls, including risks associated with new applications, services, regulations, and third-party operations. Assist in delivering impactful presentations of findings to various levels of leadership and help obtain buy-in. Support in implementing processes to automate and continuously monitor information security controls, exceptions, risks, testing while developing metrics, dashboards, and evidence artifacts to communicate results of risk assessments to business process owners and various levels of leadership. Help influence remediation and prioritization of key risks while demonstrating a holistic understanding and management of risks according to regulatory requirements and industry best practices. Assist in enhancing processes, strategies, tools, and methodologies to measure, monitor, and report risks. Use knowledge and skills to provide analytical material for discussions with cross-functional teams to understand business objectives and influence solution strategies. Contribute to cross-functional teams to identify, assess, aggregate, and mitigate current and emerging risk events. Act as a subject matter expert and provide support in formulating and evaluating contingency plans in partnership with key business stakeholders. Help establish and maintain a document request list (DRL) library to create efficiencies in audit engagements, assessments, and exams. Support the identification and resolution of risks via the Issue Management process and perform other duties as assigned. Stay up to date and informed on developing regulatory concerns and changing IT and information security trends. Qualifications 2-4 years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management. Knowledge of: Applicable information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC, and NIST; Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols; Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration; Information systems auditing, monitoring, controlling, and assessment process; Incident response management; Risk assessment and management methodology. Skills in: Developing and implementing enterprise governance, risk, and compliance strategy and solutions; Researching and locating information related to internal and external organizations using online and other sources; Security project management and planning; Maintaining confidentiality; Troubleshooting and operating a computer and various software packages; Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions; Using judgment and ingenuity in maintaining objectives and technical standards; Ability to: Effectively communicate technical issues to diverse audiences, both in writing and verbally; Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process; Handle sensitive and confidential matters, situations, and data. Licenses and Certifications: CISA, CRISC, or CISSP. Education Bachelor's Degree in Business Administration, Risk, or related field (relevant experience may substitute for the degree requirement) Preferred. Special Instructions to Candidates Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. Please view Equal Employment J-18808-Ljbffr