Governance Risk & Compliance Analyst III

About The Position

Requirements

• Bachelor’s degree in Accounting, Management Information Systems, Computer Science, or related field, or equivalent experience.
• 4+ years of experience in IT risk management, IT audit, GRC, or compliance roles.
• Strong knowledge of IT risk frameworks and internal control methodologies, including SOX.
• Ability to independently assess risk, evaluate controls, and partner effectively with auditors and technology teams.
• Experience working in a regulated or financial services environment.

Nice To Haves

• CRISC, CISA, CISSP, or similar certification.
• IT audit or professional services experience.
• Experience with ServiceNow IRM module or similar platforms.

Responsibilities

• IT Risk Management & Governance Conduct internal cyber risk assessments to identify risks, control gaps, and improvement opportunities.
• Manage, track, and report on enterprise technology risks, maintaining an up-to-date risk register.
• Maintain and enhance IT and cybersecurity controls, policies, and standards aligned to industry frameworks (e.g., NIST) and regulatory requirements (e.g., BMA, NYDFS).
• Facilitate ongoing assessments of IT governance and compliance processes.
• Support cybersecurity metrics, KPIs, and reporting for governance and leadership review.
• AI & Emerging Technology Risk Support the identification, assessment, and ongoing monitoring of risks associated with artificial intelligence (AI) and emerging technology use cases.
• Partner with technology, legal, compliance, and risk stakeholders to assess AI use cases for governance, control design, and regulatory readiness.
• Monitor adherence to AI governance standards, policies, and risk management practices, including documentation and control evidence.
• Support audit and regulatory inquiries related to AI usage, data governance, and technology risk controls.
• Third-Party & Vendor Risk Perform due diligence on key vendors, including assessment of SOC 1 and SOC 2 reports.
• Monitor third-party risk scores (e.g., BitSight) and coordinate follow-up on relevant findings.
• Respond to security questionnaires and assessments from business partners, providing clear insight into Athene’s security controls and processes.
• Audit & Regulatory Compliance Partner with Internal Audit and IT teams on technology audits, including scoping, evidence collection, and remediation tracking.
• Coordinate with external auditors to support SOX IT control testing and request fulfillment.
• Monitor compliance with key regulatory requirements (e.g., NYDFS) and support readiness for emerging cybersecurity regulations.
• Cybersecurity Program Support Track vulnerabilities identified through Athene’s threat and vulnerability management program and support remediation efforts.
• Coordinate and facilitate cyber incident response exercises, disaster recovery, and tabletop drills.
• Assist with the security awareness program, including annual training updates and phishing simulations.
• Develop governance, risk, and compliance (GRC) educational and training materials.
• Tools & Process Enablement Maintain and update Athene’s GRC platform, recommending enhancements as the program evolves.
• Work closely with technology leadership, cybersecurity teams, and risk management to develop and track remediation action plans.