GRC Automation and AI Specialist Senior

About The Position

Requirements

• 2-4 years of applied work experience in data engineering, analytics or integration, cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management.
• Knowledge of information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC, and NIST.
• Knowledge of IT systems and processes, network infrastructure, data architecture, and protocols.
• Skill in using AI/ML platforms and automation frameworks, such as Microsoft AI solutions (Power Automate, Copilot Studio) and AI Foundry, for developing agents, workflow automation, and predictive analytics in cybersecurity and GRC environments.
• Skill in applying cyber and cloud security frameworks, architecture, design, operations, controls, and service orchestration.
• Ability to develop and manage use cases, including capturing requirements and creating AI-driven solutions.
• Proficiency in Microsoft Office products (Word, Excel, PowerPoint).
• Ability to develop and implement enterprise governance, risk, and compliance strategies and solutions.
• Ability to research and locate information related to internal and external organizations using online and other sources.
• Skill in security project management and planning.
• Ability to maintain confidentiality and handle sensitive information appropriately.
• Ability to troubleshoot and operate computers and various software packages.
• Ability to define problems, collect and analyze data, establish facts, and draw valid conclusions.
• Ability to use judgment and ingenuity in maintaining objectives and technical standards.
• Ability to communicate technical issues effectively to diverse audiences, both in writing and verbally.
• Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.

Nice To Haves

• Certification in any of the following is preferred but not required: CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), or CISSP (Certified Information Systems Security Professional).

Responsibilities

• Design and deploy Artificial Intelligence (AI)/Machine Learning (ML) solutions to automate cybersecurity tasks such as continuous monitoring of security controls, automated evidence collection for audits, and real-time compliance dashboards.
• Collaborate with GRC, engineering, SecOps, IT operations, and BCP teams to define requirements and ensure scalable, secure, and maintainable AI-driven automation solutions.
• Develop automated compliance reports and risk metrics for executive leadership, applying AI-driven insights to improve decision-making and reduce operational risk.
• Apply knowledge of SOX and control testing to identify, assess, aggregate, report, and mitigate current and emerging risk events across cross-functional teams.
• Coordinate work assignments with process owners, control owners, external auditors, and consultants, ensuring issues are documented, monitored, and resolved.
• Advise internal stakeholders on internal control design for ongoing risk mitigation of information systems based on regulatory requirements and best practices.
• Communicate security issues and risks effectively to diverse audiences and ensure compliance with applicable controls based on a unified framework.
• Identify and correct process gaps proactively, recommending improvements to advance the Bank's information security program maturity in alignment with company goals.
• Guide program leaders on risk remediation efforts, ensuring adequacy of response and timeliness based on risk severity.
• Perform major assignments related to GRC program operations, including evaluation of high-risk processes and applications, strategic planning inputs, and execution of automation initiatives.
• Work independently on complex programs and assignments with diverse teams and perform other duties as assigned.