IT GRC Lead Analyst

Westfield

$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of experience in IT Governance, Risk, and Compliance, Information Security, IT Audit, or related fields.
  • Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Risk Management, Business, or similar disciplines.
  • Relevant professional certifications such as CISSP, CISA, CRISC, CISM, or CGEIT.

Responsibilities

  • Lead development and continuous improvement of the enterprise GRC program.
  • Serve as the subject matter expert in IT governance and risk management.
  • Conduct technology risk assessments and provide risk-based recommendations.
  • Enhance risk management practices through governance and process optimization.
  • Ensure compliance with regulatory requirements and internal policies.
  • Establish and maintain IT control frameworks and key risk indicators.
  • Lead control assessments, testing, and monitoring for the control environment.

Benefits

  • Hybrid work model with at least three days in the office per week.
  • Opportunity to influence senior leadership and strategic decision-making.
  • Leadership role in mentoring and fostering a risk-aware culture.
  • Access to advanced GRC platforms and compliance automation tools.
  • Participation in enterprise-wide initiatives to drive maturity in risk management.
Full Job Description

Job Summary:

The IT Governance, Risk, and Compliance (GRC) Lead Analyst serves as a subject matter expert responsible for leading the design, implementation, maturity, and continuous improvement of the organization's IT governance, risk management, and compliance programs.

This role provides strategic oversight of technology risk and control management, partners with business and technology leaders to ensure alignment with enterprise objectives, and drives a proactive, risk-aware culture across the organization. The GRC Lead Analyst serves as a trusted advisor to senior leadership, influencing risk-based decision-making and ensuring compliance with regulatory requirements, industry standards, and internal policies.

The ideal candidate possesses deep expertise in governance frameworks, regulatory compliance, IT controls, risk management, audit practices, and cybersecurity governance, along with demonstrated leadership in driving enterprise-wide initiatives and mentoring others.

Applicants must be currently authorized to work in the United States on a full-time basis without employer sponsorship.

Job Responsibilities:
  • Lead the development, execution, and continuous improvement of the enterprise IT Governance, Risk, and Compliance (GRC) program, frameworks, and operating model.
  • Serve as the organization's subject matter expert for IT governance, risk management, compliance, and control oversight.
  • Lead enterprise technology risk assessments and provide risk-based recommendations aligned with business objectives and risk appetite.
  • Drive the maturity of risk management practices through governance enhancements, process optimization, and industry best practices.
  • Oversee compliance with regulatory requirements, industry standards, and internal policies, ensuring effective implementation of controls and monitoring mechanisms.
  • Establish and maintain IT control frameworks, including ITGCs, cybersecurity controls, and key risk indicators (KRIs).
  • Lead control assessments, testing, continuous monitoring, and remediation efforts to strengthen the organization's control environment.
  • Serve as the primary liaison for internal and external audits, regulatory examinations, and issue remediation governance.
  • Lead third-party technology risk management activities, including vendor assessments and ongoing risk oversight.
  • Champion the implementation, optimization, and automation of GRC processes and technologies to improve efficiency and effectiveness.
  • Develop and deliver executive-level reporting, dashboards, and insights on risk, compliance, audit results, and remediation activities.
  • Lead cross-functional GRC initiatives, influence strategic decision-making, and mentor team members to foster a culture of risk awareness and continuous improvement.


Job Qualifications:
  • 7+ years of experience in IT Governance, Risk, and Compliance, Information Security, IT Audit, or related disciplines.
  • Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Risk Management, Business, or related field.


Location:
Hybrid defined as three (3) or more days per week in the office.

Licenses and Certifications:
  • CISSP
  • CISA
  • CRISC
  • CISM
  • CGEIT


Behavioral Competencies:
  • Collaborates
  • Communicates Effectively
  • Customer Focus
  • Decision Quality
  • Nimble Learning


Technical Skills:
  • Insurance Industry Knowledge
  • Regulatory Examinations
  • GRC Platforms
  • Policy Management
  • Compliance Automation Tools
  • IT Risk Assessment
  • Control Design
  • Security Testing


This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.
