Governance Risk & Compliance Analyst
KellyMitchell matches the best IT and business talent with premier organizations nationwide. Our clients, ranging from Fortune 500 corporations to rapidly growing high-tech companies, are exceptionally served by our 1500+ IT and business consultants. Our industry is growing rapidly, and now is a great time to launch your career with the KellyMitchell team.
Governance Risk & Compliance Analyst
Job Summary: You will engage business personnel to ensure all requisite data and information is complete, accurate, and consistently delivered. You will use your experience and knowledge of security in working with a team to deliver on Governance, Risk and Compliance goals related to developing the complete perspective for operational and management visibility of overall compliance to the Information Security program, policies, and practices.
- Coordinate the development of best practice policies and standards based on various governance frameworks
- Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.
- Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards.
- Develop and lead information security awareness and training initiatives, including phishing exercises.
- Develop and implement relevant cyber and IT risk metrics and reporting to management and risk committees.
- Develop and manage an information security risk register to address risk issues and action plans from all sources, e.g., IT audit, technology risk assessments, vulnerability scans, penetration testing, etc.
- Implement GRC software platform for policy administration, compliance and risk management.
- Coordinate information security internal audit, external audit, regulatory and SOX reviews to help represent the company from an information security and technology risk perspective.
- Coordinate responses to RFI\RFPs and client security related questionnaires.
- Establish a compliance management framework to manage all ‘third line of defense’ reviews and results.
- Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance.
- Coordinate with legal, compliance functions to ensure proper implementation of data privacy legislation and disclosure
- Identify, analyze, respond to and monitor IT risk.
- Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
- Conduct third part vendor risk assessments, make recommendations and perform periodic reviews.
- Manage tracking of identified findings and actions to closure and reporting to leadership.
- Develop and maintain a Cyber and IT Control Framework.
- Develop a Cyber and IT controls catalog to align with the organization's risk appetite and tolerance levels to support business objectives.
- Ensure all controls are assigned control owners to establish accountability.
- Design and implement Cyber and IT controls assessment and assurance process to ensure controls function effectively and efficiently.
- Bachelor’s degree. Master’s degree a plus.
- Minimum of 3 to 5 years of relevant experience, preferably in financial services.
- Strong background in information technology with a clear understanding of the challenges of information security.
- Demonstrated understanding of secure, complex information systems’ environment in a global financial service sell side environment.
- Relevant experience in the GRC space. Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
- Direct experience with regulatory compliance reviews and examinations.
- Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred.
- Project and program management skills.
- Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.
- Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
- Excellent leadership and teamwork skills.
- Ability to influence others.
- Team player with the ability to work independently.
- Resourceful, energetic, self-starter, flexible, goal-oriented
- Strong personal integrity