IT GRC Analyst II

State Employees' Credit Union, Raleigh, NC

About The Position

The IT GRC Analyst 2 assesses, tests, documents, and monitors the SECU technology ecosystem to ensure the IT control environment effectively mitigates risks associated with an ever-changing threat landscape. The IT GRC Analyst will possess a wide range of technical and interpersonal skills to bridge the gap between technology organizations and the business. Must have a big-picture perspective, ability to execute end-to-end risk management processes, and ability to quickly establish trust and build productive relationships across multiple departments. The IT GRC Analyst will require expertise to perform technology risk assessments, provide input to and/or document IT policies, standards, and guidelines, develop, monitor, and track risk remediation plans, and aggregate and report key risk metrics to senior stakeholders.

Requirements

  • 5 Years Required Relevant Experience
  • Teamwork, collaboration, self-driven and effective communication skills - both written and verbal.
  • 3+ years of IT Security and/or IT Risk Management experience working in a mid-to-large size company
  • Basic proficiency or ability to learn one or more of the following: Risk and controls assessments, Documenting and maintaining IT Policies / Standards, IT Risk aggregation, reporting, KPI/KRIs, Issues management, Third party risk management
  • Working knowledge of various industry security standards and frameworks including: NIST, ISO 27001, ISF Standard of Good Practice (SoGP), etc.

Nice To Haves

  • Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.
  • Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, OSCE, or other relevant industry certification
  • Experience working in a financial institution.
  • Experience working within a DevOps environment.

Responsibilities

  • Identify, document, and monitor technology risks present across both internal and external (vendor / cloud) environments
  • Quantify inherent and residual IT risk levels to enhance analytics, inform prioritizations, and for use in management reporting
  • Work with risk remediation owners to establish remediation plans with milestones and target dates, and monitor progress towards remediation, escalating as appropriate
  • Execute technology risk management processes and provide input to support continuous improvement of process and program design
  • Perform risk and controls assessments while aggregating reporting for Audit and/or Regulatory issues.
  • Partner with relevant stakeholders to establish clear and consistent IT risk reporting, metrics, KRIs, and KPIs to inform decision making