Senior Governance, Risk, and Compliance (GRC) Process Analyst

About The Position

Requirements

• 5+ years of experience in Governance, Risk, and Compliance (GRC), Information Technology (IT) Audit, Information Security, vulnerability management, and Compliance
• 5+ SOX ITGC, Security Controls, Vulnerability Management processes, Audit lifecycle and compliance practices
• 3+ Experience with Governance, Risk, and Compliance (GRC) tools such as ServiceNow GRC, Audit Board, and CAIRO
• 3+ years with infrastructure experience including network, database, operating systems, IAM, change management, and periodic reconciliations
• 3+ years of industry security standards experience, such as NIST, ISO 27001, COBIT, and OWASP
• 3+ years in risk management
• 3+ years in root cause corrective analysis
• 5+ years of managing multiple competing priorities
• 5+ years of experience in consulting or in a strategic role that influences the business
• Must have excellent communication and presentation skills

Nice To Haves

• 10 or more years’ related work experience or an equivalent combination of education and experience
• 10+ years of experience in GRC, IT Audit, Information Security, vulnerability management, and Compliance
• 10+ SOX ITGC, Risk Management methodologies, Security Controls, Vulnerability Management processes, Audit lifecycle and compliance practices
• 5+ Experience with GRC tools such as ServiceNow GRC, Audit Board, and CAIRO
• 10+ years hands on experience with Governance, Risk, and Compliance (GRC) experience
• 5+ years with infrastructure experience including network, database, operating systems, IAM, change management, and periodic reconciliations
• 5+ years of industry security standards experience, such as NIST, ISO 27001, COBIT, and OWASP
• 5+ years in risk management
• 5+ years in root cause corrective analysis

Responsibilities

• Support the organization’s GRC framework, policies, standards, and procedures
• Conduct risk assessments and maintain enterprise risk registers.
• Identify, assess, and track remediation of technology and cybersecurity risks
• Assist in third-party/vendor risk assessments and compliance reviews
• Monitor compliance with internal policies and regulatory requirements
• Support ITGC (IT General Controls) and SOX compliance activities
• Coordinate control testing, evidence collection, and remediation tracking
• Work with control owners to ensure Design effectiveness and operational effectiveness of SOX controls
• Assist during external and internal SOX audits
• Maintain documentation for SOX controls, narratives, and process flows
• Coordinate vulnerability management activities with infrastructure teams
• Track remediation of identified vulnerabilities and security findings.
• Support periodic access reviews and security compliance assessments
• Act as liaison between IT/Security teams and Internal/External Auditors
• Prepare audit evidence and coordinate audit requests.
• Track audit findings and remediation plans through closure
• Assist with audit readiness initiatives and continuous monitoring activities
• Develop dashboards, metrics, and compliance reports for management
• Maintain accurate documentation for risks, controls, findings, and remediation efforts
• Support policy and procedure reviews and updates
• Support automation for SOX controls by identifying the scope and recommend all possible options for automation
• Directs activities to define, deploy, evaluate and support common computing standards, IT processes, tools and process/performance metrics
• Leads activities to define plans to support common standards and processes.
• Identifies qualitative and quantitative improvement measures
• Advises on the selection of key parameters and standards to monitor progress.
• Leads the definition, development and deployment of common process requirements and infrastructure products and services
• Directs activities to educate and promote use of Boeing IT common processes, methodologies, products and services.
• Leads, consults and coaches in common processes for software development and maintenance
• Leads the review and evaluation of new technology for software process impact.
• Supports and integrates architecture mapping to common processes

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid and unpaid time away from work