Senior, Technology GRC Analyst

Together Credit Union

$85K — $110K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • High school diploma or equivalent.
  • 3+ years in financial industry roles like Technology, Fraud, or Risk and Compliance.
  • 5+ years preferred experience in similar fields.
  • CRISC certification is a plus.

Responsibilities

  • Conduct detailed risk assessments for technology assets to spot vulnerabilities and threats.
  • Prepare risk reports for leadership that summarize findings and trends.
  • Review and validate control effectiveness against regulatory standards.
  • Monitor compliance with cybersecurity and privacy regulations.
  • Advise on enhancing security standards to mitigate emerging risks.
  • Review technology risks and consult on risk mitigation strategies.
  • Participate in post-incident reviews to improve business continuity plans.
  • Assess risks associated with third-party relationships.

Benefits

  • Flexible remote or hybrid work environment.
  • General office setting when onsite for collaborative tasks.
  • Occasional travel required for audits or meetings.
  • Ability to attend offsite events or conferences as needed.
  • Requires alert and responsive monitoring, including weekends and holidays.

Full Job Description

Job Title: Senior, Technology GRC Analyst

Reports To: Vice President, Technology Governance, Risk & Compliance

People Leader: No

FLSA Status: Exempt

This is a Hybrid/St. Louis position

Job Summary

The Senior Technology GRC Analyst helps the organization understand and manage technology and information security risks before they become larger issues. This role provides independent oversight of technology and cybersecurity risks, evaluates the effectiveness of controls, and helps leaders make informed decisions about risk. The position supports regulatory compliance, organizational preparedness, and the protection of organizational assets by identifying gaps, emerging risks, and opportunities to strengthen the overall control environment.

Job Responsibilities

The intent of this job description is to provide a representation of the types of duties and level of responsibilities required of this position and is not intended to be an exhaustive list of all responsibilities, duties, and skills. Team members may be directed to perform job-related tasks other than those specifically stated in this description.
  • Conduct complex risk assessments of existing and proposed technology assets, services, and operations to identify vulnerabilities, threats, control gaps, and emerging risks; provide recommendations to support risk-informed decision making
  • Prepare clear, actionable risk reports and dashboards for leadership, highlighting key findings, trends, and remediation progress
  • Review, test, and validate the effectiveness of controls against established frameworks, regulatory requirements, and organizational standards; identify control gaps and provide recommendations to strengthen the control environment
  • Monitor and report compliance with applicable technology, cybersecurity, privacy, and regulatory requirements; identify potential concerns and validate corrective actions implemented to address identified issues
  • Advise stakeholders on the development and ongoing improvement of security standards and procedures to strengthen the organization's control environment and address emerging risks
  • Provide independent review and challenge of technology and information security risks, control effectiveness, remediation plans, and risk acceptance decisions; consult with stakeholders on risk mitigation strategies and control considerations
  • Participate in post-incident response and post reviews to assess response effectiveness, identify control or process weaknesses, and provide recommendations to strengthen business continuity and disaster recovery preparedness
  • Assess technology and information security risks associated with third-party relationships and provide recommendations to support vendor risk management activities
  • Coordinate findings and remediation activities related to internal and external audits, examinations, and assessments; validate corrective actions and identify recurring risk themes or control weaknesses


Required Qualifications

An equivalent combination of education, training, and experience will be considered.
  • High school diploma or equivalent
  • 3+ years of financial industry experience such as Technology, Fraud, Operations, or Risk and Compliance or relevant transferable experience


Preferred Qualifications
  • 5+ years of financial industry experience such as Technology, Fraud, Operations, or Risk and Compliance or relevant transferable experience
  • Certified in Risk and Information Systems Control (CRISC)


Knowledge, Skills, and Abilities (KSAs)

A representation of the knowledge, skills, and abilities necessary to perform this job competently.

  • Skilled in assessing technology and information security risks, identifying control gaps, and evaluating potential business impacts
  • Skilled in interpreting and applying technology, cybersecurity, privacy, and regulatory requirements within a risk management framework
  • Skilled in analyzing complex information, identifying trends and root causes, and developing practical risk-based recommendations
  • Skilled in evaluating the design and effectiveness of controls and assessing alignment with organizational standards and industry frameworks
  • Skilled in communicating complex technical and risk-related concepts to diverse audiences through reports, presentations, and stakeholder discussions, utilizing a framework such as NCUA, FFIEC, GLBA, PCI-DSS, etc.
  • Skilled in building collaborative relationships and providing independent guidance, challenge, and consultation across functions
  • Ability to exercise sound judgment, prioritize competing risks, and make recommendations in situations involving ambiguity or incomplete information
  • Ability to coordinate multiple assessments, audits, remediation activities, and stakeholder groups while maintaining attention to detail


Work Environment

Environmental or atmospheric conditions commonly associated with the performance of this job's functions.
  • Flexible remote or hybrid (combination of remote & onsite) work environment; requires regular use of online tools, systems, and collaboration platforms
  • General office setting when working onsite
  • Occasional travel to branch locations, vendor sites, or other business-related locations
  • Attendance at offsite meetings, events, or conferences as needed
  • This position requires alert monitoring and incident response as needed, including weekends and holidays


Physical Abilities

The physical demands described below are representative of those that must be met by an employee to successfully perform this job's essential functions. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
  • Ability to work at a computer in a stationary position for up to 8 hours per day
  • Ability to occasionally carry light materials (e.g., laptop, presentation materials)
  • Ability to travel for business by car or air and stay in public accommodations as needed

