Governance, Risk & Compliance Analyst 3

Choice Hotels International, Scottsdale, AZ
$107,000 - $126,000, Hybrid

About The Position

The Governance, Risk & Compliance (GRC) Analyst 3 is an experienced individual contributor responsible for supporting and executing Choice’s Governance, Risk & Compliance processes across technology systems and selected business processes. This role conducts risk and compliance assessments, performs control testing, supports audit activities, and maintains governance documentation to ensure alignment with regulatory requirements and internal control standards. Operating with general direction and increasing independence, the GRC Analyst 3 applies established frameworks, methodologies, and best practices to analyze issues, recommend practical solutions, and contribute to continuous improvement efforts. The role partners closely with Technology teams, Internal Audit, Legal, Compliance, and business stakeholders to support effective risk mitigation and compliance outcomes.

Requirements

  • Bachelor’s degree in Information Systems, Business, Accounting, Cybersecurity, or a related field, or an equivalent combination of education and relevant work experience.
  • 3–5 years of experience in Governance, Risk & Compliance, IT Audit, Cybersecurity, or a related discipline.
  • Experience conducting IT risk assessments and control testing using established methodologies.
  • Familiarity with regulatory compliance concepts and internal and external audit processes.
  • Working knowledge of IT risk management principles and control frameworks such as SOX, PCI, NIST CSF, ISO 27001, and SOC 2.
  • Strong analytical and problem‑solving skills applied to moderately complex issues.
  • Ability to interpret policies, standards, and regulatory requirements and apply them to operational environments.
  • Effective written and verbal communication skills, including the ability to translate technical concepts for non‑technical audiences.
  • Strong collaboration skills with both technical and business stakeholders.
  • Excellent organizational skills and attention to detail.
  • Ability to manage multiple assignments with general direction and increasing autonomy.
  • Demonstrated ability to identify process improvement opportunities and recommend practical, risk‑based solutions.

Responsibilities

  Risk Management:
  • Conduct recurring risk assessments across technology systems and selected business processes using established methodologies.
  • Identify, assess, and document risks, including impact, likelihood, and recommended mitigation strategies.
  • Track risk remediation activities and follow up with stakeholders to support timely and effective resolution.
  • Assist in maintaining the enterprise risk register and related supporting documentation.
  • Escalate significant or emerging risks to leadership as appropriate.

  Compliance & Controls:
  • Perform control testing and reviews aligned with frameworks such as SOX, PCI, NIST CSF, ISO 27001, and SOC 2.
  • Support internal and external audit activities by coordinating evidence collection and preparing documentation.
  • Monitor regulatory and industry changes and assess potential impacts to existing controls and compliance programs.
  • Contribute to compliance program updates and continuous documentation improvements.
  • Support awareness initiatives that reinforce compliance expectations across the organization.

  Policy & Process Governance:
  • Maintain and update GRC policies, standards, procedures, and supporting documentation to ensure accuracy and clarity.
  • Coordinate stakeholder reviews and incorporate feedback into governance materials.
  • Identify opportunities for process improvement and recommend enhancements aligned with established standards and best practices.
  • Support implementation of approved governance and process changes across relevant teams.

  Reporting & Analytics:
  • Develop and maintain recurring GRC reports and dashboards for leadership and key stakeholders.
  • Compile and analyze metrics related to risk assessments, control testing, remediation status, and training compliance.
  • Translate technical risk and compliance findings into clear, concise, and actionable reporting.
  • Ensure the accuracy, completeness, and integrity of reported data.

  Risk Management Training:
  • Support the maintenance of risk management training materials to ensure content remains accurate and current.
  • Track and report training completion and non‑compliance metrics to leadership.
  • Assist in responding to employee inquiries related to GRC training requirements.

Benefits

  • Competitive compensation and benefits, including medical, dental, and vision coverage
  • Leave and paid time-off for holidays, vacation, personal, family, volunteer, sick, jury duty, bereavement, military, and religious observance
  • Financial benefits for retirement and health savings
  • Employee recognition programs
  • Discounts at Choice hotels worldwide