JOB FUNCTION / SUMMARY:
The IT-Governance, Risk and Compliance (GRC) Analyst 2 is responsible for supporting the development / revisions of security policies and guidelines, assisting with risk assessments, and reviewing information technology, information security, and line of business security controls.
ESSENTIAL DUTIES & RESPONSIBILITIES:
- Assist in the development and maintenance of security policies and guidelines in alignment with regulatory requirements.
- Assist in the development of control documents with Security Architects for applications being governed.
- Assist with scheduled control checks for Information Technology, Information Security, and line of business defined controls.
- Supports the policy exception process: reviews and consults with teams on draft policy exceptions, and prepares summary notes with a recommendation to approve or deny.
- Responsible for risk assessment and resolution follow-up to assure compliance with applicable internal regulatory and legal requirements.
- Generates reports on assessment findings and summarizes them to facilitate remediation tasks for other operational teams.
- Supports the security awareness programs within the business unit.
MINIMUM REQUIRED EDUCATION, EXPERIENCE & KNOWLEDGE:
- Bachelor’s degree in Information Systems or relevant technical / science degree or equivalent experience in Information Systems
- 2+ years of IT policy, controls, assessment, GRC, or audit experience required
- Knowledge of various compliance regulations – FFIEC, PCI, GLBA, SOX, etc.
- Knowledge of enterprise technology infrastructure, application security, database security, and information systems.
- Ability to interpret complex technical concepts, align them to compliance requirements, and articulate the information in guidelines and bulletins.
- Strong organizational skills; ability to balance multiple tasks simultaneously.
- Excellent interpersonal skills; comfortable dealing with a large span of people from middle tier management to business analysts.
- Capable of working independently, as well as in team / collaborative settings.
ESSENTIAL MENTAL & PHYSICAL REQUIREMENTS:
- Ability to work under stress and meet deadlines
- Ability to operate related equipment to perform the essential job functions
- Ability to read and interpret a document if required to perform the essential job functions
- Ability to travel if required to perform the essential job functions
- Ability to lift/move/carry approximately 10 pounds if required to perform the essential job functions. If the employee is unable to lift/move/carry this weight and can be accommodated without causing the department/division an “undue hardship” then the employee must be accommodated; hence omitting lifting/moving/carrying as a physical requirement.
Equal Opportunity/Affirmative Action Employers. All qualified applicants will receive consideration for employment without regard to race, color, religious beliefs, national origin, ancestry, citizenship, sex, gender, sexual orientation, gender identity, marital status, age, physical or mental disability or history of disability, genetic information, status as a protected veteran, disabled veteran, or other protected characteristics as required by federal, state and local laws.