Senior GRC Analyst

About The Position

Requirements

• Applicants must have current authorization to work in the United States on a full-time basis.
• Typically 5 years business experience; exhibit strong basic execution capabilities and begin to take on more responsibility
• Working knowledge of the regulatory environment Encore operates in and associated requirements - e.g. SOX, PCI, GLBA, ISO
• Ability to follow guidelines and identify and resolve problems
• English language proficiency

Nice To Haves

• Certification: Preferable Cobit, MOR (Management of Risk) and ITIL V3 Expert or ITIL Managing Professional
• Degree: Master or Advanced
• Field of Study: Computer Science, Information Systems, Information Technology, Information Security
• Experience working for a publicly traded company in a similar role or with a reputable auditing /consulting firm

Responsibilities

• Audit and assess firm wide plan for IT Risk and Compliance policies and rules - log-in and passwords, etc.
• Participate in process and control documentation pertaining to controls implementation.
• Develop and implement operational and enterprise governance frameworks.
• Perform business impact analysis and assist with development of IT/InfoSec risk register.
• Operationalization of a metrics and reporting function to continually report on meaningful security, risk and compliance metrics for operational and executive management.
• Develop and manage the automation of KPIs & KRIs reporting that align with operational/business risk.
• Support internal and external audit process for relevant compliance concerns and risk management to re mediate new and outstanding issues including PCI, SOX, ISO, NIST, Issuers etc.
• Support vendor due-diligence process and help to lead and define overall third party risk management efforts including contracts ,performance etc.
• Perform periodic gap assessments across product lines to validate compliance on an ongoing basis.
• Driving remediation activities from identification, remediation plan and closure for various information systems and processes.
• Other data security projects as assigned.
• Liaise on with GPS counterparts for compliance reporting & continually enhancing the risk & compliance framework implemented for the project.

Benefits

• Competitive salary
• Monthly incentives or annual bonus
• Paid training and development programs
• Promote-from-within philosophy
• Informal accolades
• Formal company-wide awards and prizes
• All-inclusive vacations
• Tuition Assistance
• Comprehensive healthcare plans and options
• Fitness membership reimbursements
• Weight watchers
• Wellness rewards Program
• Up to eight hours of paid time off each year to volunteer
• Volunteer grants
• Matching financial donations, up to US$ 2,500 per employee annually
• Retirement Savings
• Company paid leave for new family support
• New parent flex time
• Child back-up care options
• Team-building events
• Holiday celebrations
• Department outings
• Paid and floating holidays
• Generous paid-time-off
• Wellness and mental health initiatives
• Support volunteerism
• Environmental efforts
• Leadership training
• Skill-building