Senior, Technology GRC Analyst

About The Position

Requirements

• High school diploma or equivalent
• 3+ years of financial industry experience such as Technology, Fraud, Operations, or Risk and Compliance or relevant transferable experience

Nice To Haves

• 5+ years of financial industry experience such as Technology, Fraud, Operations, or Risk and Compliance or relevant transferable experience
• Certified in Risk and Information Systems Control (CRISC)
• Skilled in assessing technology and information security risks, identifying control gaps, and evaluating potential business impacts
• Skilled in interpreting and applying technology, cybersecurity, privacy, and regulatory requirements within a risk management framework
• Skilled in analyzing complex information, identifying trends and root causes, and developing practical risk based recommendations
• Skilled in evaluating the design and effectiveness of controls and assessing alignment with organizational standards and industry frameworks
• Skilled in communicating complex technical and risk related concepts to diverse audiences through reports, presentations, and stakeholder discussions, utilizing a framework such as NCUA, FFIEC, GLBA, PCI-DSS, etc.
• Skilled in building collaborative relationships and providing independent guidance, challenge, and consultation across functions
• Ability to exercise sound judgment, prioritize competing risks, and make recommendations in situations involving ambiguity or incomplete information
• Ability to coordinate multiple assessments, audits, remediation activities, and stakeholder groups while maintaining attention to detail

Responsibilities

• Conduct complex risk assessments of existing and proposed technology assets, services, and operations to identify vulnerabilities, threats, control gaps, and emerging risks; provide recommendations to support risk informed decision making
• Prepare clear, actionable risk reports and dashboards for leadership, highlighting key findings, trends, and remediation progress
• Review, test, and validate the effectiveness of controls against established frameworks, regulatory requirements, and organizational standards; identify control gaps and provide recommendations to strengthen the control environment
• Monitor and report compliance with applicable technology, cybersecurity, privacy, and regulatory requirements; identify potential concerns and validate corrective actions implemented to address identified issues
• Advise stakeholders on the development and ongoing improvement of security standards and procedures to strengthen the organization's control environment and address emerging risks
• Provide independent review and challenge of technology and information security risks, control effectiveness, remediation plans, and risk acceptance decisions; consult with stakeholders on risk mitigation strategies and control considerations
• Participate in post incident response and post reviews to assess response effectiveness, identify control or process weaknesses, and provide recommendations to strengthen business continuity and disaster recovery preparedness
• Assess technology and information security risks associated with third party relationships and provide recommendations to support vendor risk management activities
• Coordinate findings and remediation activities related to internal and external audits, examinations, and assessments; validate corrective actions and identify recurring risk themes or control weaknesses