GRC Specialist Senior

City National Bank of Florida
Miami, FL

About The Position

Overview: The GRC Specialist Senior is responsible for conducting security assessments, control testing, issues management, development of metrics and compliance reports in alignment with the Bank's technology risk management framework, regulatory requirements, and departmental policies, while collaborating with auditors and risk management to safeguard the Bank’s assets and sensitive information. This individual will also lead efforts to automate cybersecurity and GRC processes using AI technologies to improve efficiency and reduce manual workload. The role exercises discretion and independent judgment to evaluate risks, interpret regulatory requirements, and establish automated control procedures.

Requirements

  • 2-4 years of applied work experience in cyber security compliance management, cyber security programs, data engineering, analytics or integration, audits, assessments, risk and remediation.
  • Knowledge of AI concepts (LLMs, prompt design, limitations, hallucinations, etc.)
  • Knowledge of information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC, and NIST.
  • Knowledge of IT systems and processes, network infrastructure, data architecture, and protocols.
  • Skills in using AI/ML platforms and automation frameworks, such as Microsoft AI solutions (Power Automate, Copilot Studio) and AI Foundry, for developing agents, workflow automation, and predictive analytics in cybersecurity and GRC environments (desirable).
  • Skill in applying cyber and cloud security frameworks, architecture, design, operations, controls, and service orchestration.
  • Proficiency in Microsoft Office products (Word, Excel, PowerPoint).
  • Ability to develop and implement enterprise governance, risk, and compliance strategies and solutions.
  • Ability to research and locate information related to internal and external organizations using online and other sources.
  • Skill in security project management and planning.
  • Ability to maintain confidentiality and handle sensitive information appropriately.
  • Ability to troubleshoot and operate computers and various software packages.
  • Ability to define problems, collect and analyze data, establish facts, and draw valid conclusions.
  • Ability to use judgment and ingenuity in maintaining objectives and technical standards.
  • Ability to communicate technical issues effectively to diverse audiences, both in writing and verbally.
  • Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.

Nice To Haves

  • Certification in any of the following is preferred but not required: Microsoft certifications such as Power Platform Fundamentals (PL-900) or Copilot Studio Applied Skills (APL-7008); CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), or CISSP (Certified Information Systems Security Professional).

Responsibilities

  • Coordinate risk and control self-assessments with IT and cybersecurity subject matter experts and the enterprise risk management team.
  • Conduct control testing and document results to identify potential gaps in control design and/or control operating effectiveness.
  • Collaborate with GRC, engineering, SecOps, IT operations, and BCP teams to define requirements and ensure scalable, secure, and maintainable AI-driven automation solutions.
  • Identify opportunities to develop automated solutions using Microsoft Copilot, Power Automate, or another approved automation tool.
  • Develop and maintain cybersecurity and IT policies, standards, procedures, and program metrics, and help develop automated compliance reports and risk metrics for executive leadership to improve decision-making and reduce operational risk.
  • Coordinate work assignments with process owners, control owners, external auditors, and consultants, ensuring issues are documented, monitored, and resolved.
  • Advise internal stakeholders on internal control design for ongoing risk mitigation of information systems based on regulatory requirements and best practices.
  • Communicate security issues and risks effectively to diverse audiences and ensure compliance with applicable controls based on a unified framework.
  • Identify and correct process gaps proactively, recommending improvements to advance the Bank’s information security program maturity in alignment with company goals.
  • Guide program leaders on risk remediation efforts, ensuring adequacy of response and timeliness based on risk severity.
  • Perform major assignments related to GRC program operations, including evaluation of high-risk processes and applications, strategic planning inputs, and execution of automation initiatives.
  • Work independently on complex programs and assignments with diverse teams and perform other duties as assigned.