Governance, Risk, Compliance (GRC) Specialist Senior

About The Position

Requirements

• 5-7 years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management.
• Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC and NIST.
• Knowledge of information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
• Knowledge of cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
• Knowledge of information systems auditing, monitoring, controlling, and assessment process.
• Knowledge of incident response management.
• Knowledge of risk assessment and management methodology.

Nice To Haves

• Proficiency using Microsoft Office software products such as Word, Excel, and PowerPoint.
• Experience in developing and implementing enterprise governance, risk, and compliance strategy and solutions.
• Experience in researching and locating information related to internal and external organizations using online and other sources.
• Experience in security project management and planning.
• Ability to maintain confidentiality.
• Experience in troubleshooting and operating a computer and various software packages.
• Ability to define problems, collect and analyze data, establish facts and draw valid conclusions.
• Ability to use judgment and ingenuity in maintaining objectives and technical standards.

Responsibilities

• Expert knowledge of SOX, Control Testing, and working with cross-functional teams to identify, assess, aggregate, report and mitigate current and emerging risk events.
• Leverage broad experience to coordinate work assignments with process owners, control owners, external auditors, consultants and ensure issues are documented and monitored.
• Expert at negotiating prioritization of risks and performing control testing, document results, and provide updates to the business.
• Partner with internal stakeholders on design of internal controls for ongoing risk mitigation of information systems based on regulatory requirements and best practices.
• Clearly and effectively communicate security issues and risks to diverse audience and ensure compliance with applicable controls based on a unified framework.
• Exhibit strategic agility and proactively identify and correct process gaps and improvements to further the maturity of the Bank’s information security program in alignment with company goals and objectives.
• Use best practices and industry knowledge to help guide program leaders risk remediation efforts, ensuring adequacy of response and timeliness based on risks.
• Carries major assignments in conducting business operations, and supports technology in the evaluation of risks and controls, particularly when evaluating the high-risk processes and applications and play an important role in program strategic planning and execution of tasks.
• Perform risk and control effectiveness test while partnering with applications/systems/data Assists in evaluating and supporting document request to facilitate audit engagements.
• Ability to work independently on complex programs and assignments with diverse teams and perform other duties as assigned.
• Instrumental in identifying, developing, and monitoring program metrics and supporting reporting to board committees.
• Remains current on best practices and technological advancements and acts as the technical resource for security assessment and regulatory compliance.
• Performs other related duties as assigned.