Governance, Risk & Compliance Analyst II

About The Position

Requirements

• Bachelor’s degree in Information Systems, Cybersecurity, a related field, or equivalent experience required.
• Minimum of three years’ experience in GRC, data privacy, risk management, audit support, and/or information security.
• Demonstrable advanced knowledge and understanding of data privacy laws, including state-specific laws in Colorado, California, and emerging state privacy laws.
• Hands-on experience supporting SOX and/or NIST CSF audits, including evidence gathering and control testing.
• Experience evaluating third-party and vendor risk, including vendors utilizing AI-enabled tools.
• Working knowledge of AI governance principles, including AI risk assessment, vendor transparency requirements, and fair-housing implications of automated decision-making tools.
• Work experience with data privacy, third-party risk management, and contract lifecycle management software and tools.

Nice To Haves

• Work experience with policy lifecycle processes to include drafting, editing, and publishing preferred.
• CIPP/US, CIPM, CIPT, CISA, or other related certification preferred.

Responsibilities

• Lead evidence collection and coordination for external and internal audits, including Sarbanes-Oxley (SOX) and NIST CSF, working directly with both internal and external auditors as well as internal control owners.
• Identify control gaps and remediation opportunities through audit findings and proactively communicate recommendations to management.
• Lead AI governance implementation tasks, including maintaining enterprise AI technical feasibility assessments, conducting AI vendor risk assessments, and supporting the development of AI use policies and standards.
• Advise business stakeholders on AI-related risks, including fair-housing implications of AI-assisted leasing or screening tools, and SEC disclosure obligations related to material AI risks.
• Manage vendor due diligence and third-party risk assessments, with specialized focus on evaluating AI-enabled vendor tools for algorithmic transparency, bias testing, and data governance practices.
• Manage and track vendor certification/recertification status and maintain the approved vendor list.
• Manage the program to document, analyze, and fulfill all consumer data privacy requests received by UDR, including state-specific requirements.
• Advise the business on federal and state privacy compliance issues and best practices in accordance with applicable state laws.
• Research new and evolving legal requirements as they relate to consumer privacy, AI governance, and relevant GRC domain areas.
• Advise project teams on data privacy and AI risks associated with specific business activities and data use.
• Create and edit organizational policies as they pertain to information technology, AI governance, and GRC.
• Lead the implementation and maintenance of GRC applications, tools, and systems in accordance with program policy and industry best practice.
• Create and design reporting, metrics, and dashboards to support compliant and transparent IT operations.
• Communicate with consumers and across the enterprise in a timely, professional, and precise manner.
• Manage processes for digital forensics and evidence chain of custody for any incident or investigation related to data privacy.
• Consult with key stakeholders on privacy and AI governance assessments; serve as a subject matter expert for IT Operations.
• Lead organizational data privacy and AI governance training and awareness efforts.
• Perform other duties as assigned or as necessary.

Benefits

• Medical, Dental, Vision Plans
• Medical Flexible Spending Account
• Dependent Care Spending Account
• Lifestyle Spending Account
• Supplemental Term Life Insurance
• Critical Illness Plan
• Supplemental Short-Term Disability Insurance / AD&D Insurance
• Voluntary Long Term Care Insurance
• 401(k) Plan with company match