Sr. Analyst, IT Governance, Risk & Compliance

Crane Company, Stamford, CT

About The Position

The Senior IT Governance, Risk & Compliance (GRC) professional is responsible for establishing, overseeing, and continuously improving the organization’s IT governance framework to ensure alignment with business objectives, regulatory requirements, and industry best practices. This role leads enterprise‑wide IT risk management, compliance, and control activities, including policy ownership, control design, risk assessments, audit coordination, and remediation oversight across business units and technology domains. Acting as a trusted advisor to IT leadership, business stakeholders, and audit partners, the Senior IT GRC role drives consistency, accountability, and transparency in how IT risks are identified, managed, and reported, while supporting compliance with regulatory, contractual, and internal control requirements in a complex, decentralized environment.

Requirements

  • Bachelor’s degree in a related field such as Computer Science, Information Technology, or a related discipline.
  • 5+ years of experience in an IT GRC or related field required.
  • Demonstrated experience supporting compliance with Sarbanes‑Oxley (SOX) IT General Controls, including control design, testing coordination, evidence management, and remediation oversight in partnership with Internal and External Audit.
  • Proven knowledge of DFARS and ITAR regulatory requirements as they apply to information systems, data protection, access controls, and service providers, with experience supporting assessments, contractual requirements, and control enforcement across business units.
  • Demonstrated experience supporting enterprise data privacy programs, including the interpretation and application of global privacy regulations such as GDPR and CCPA, participation in data privacy impact assessments (DPIAs), and oversight of privacy‑related controls within IT governance frameworks.
  • Proven ability to partner with Legal, Information Security, Internal Audit, and business stakeholders to assess privacy risks, support contractual and vendor privacy requirements, and ensure appropriate handling, protection, and retention of personal data across systems and service providers.
  • Demonstrated experience providing governance, risk, and compliance oversight for IT resiliency, backup, and recovery programs, including policy development, control definition, risk assessments, and validation of recovery readiness.
  • Proven ability to oversee backup and disaster recovery control effectiveness, including immutability, retention, encryption, and restoration testing, while coordinating evidence, certifications, and remediation activities with Business Units, Information Security, and Internal Audit.
  • Experience operating within a centralized model while enabling consistent execution and compliance across decentralized business units.
  • Experience or working knowledge of IT governance and compliance frameworks such as COSO, ISO 27001, PCI‑DSS, COBIT, and ITIL.
  • Strong analytical and assessment skills with experience supporting IT risk assessments, audits, or compliance activities across a variety of technologies and platforms.

Nice To Haves

  • Risk‑ or audit‑related professional certifications preferred, such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), or Certificate of the Business Continuity Institute (CBCI), or equivalent demonstrated experience.

Responsibilities

  • Identify, monitor, and support activities responsible for validating the effectiveness of IT security, governance, risk, and compliance programs.
  • Support alignment between IT and audit activities while ensuring adherence to adopted standards, frameworks, and methodologies.
  • Evolve the enterprise IT GRC roadmap, driving continuous improvement in governance maturity, risk visibility, and control effectiveness across the organization.
  • Develop and provide guidance for advisory reviews related to system implementations, technology strategies, mergers and acquisitions, fraud events, and service interruptions.
  • Contribute to a sustainable IT general control environment through involvement in key IT internal control and governance activities.
  • Coordinate with Business Units to align controls with enterprise IT policies, standards, trends, and best practices.
  • Support internal and external audit activities related to IT governance by assisting with policies, narratives, evidence expectations, and self-assessment documentation.
  • Participate in IT risk assessment activities, including third party and service provider risk reviews, and contribute to broader risk management, compliance, and internal control initiatives as needed.
  • Serve as a subject matter resource to support the identification and assessment of IT risks and to improve the effectiveness and efficiency of IT controls.
  • Identify and recommend opportunities for improved governance processes and technology-based tools to support risk mitigation and compliance oversight.
  • Support the development and maintenance of enterprise IT governance policies, standards, procedures, and control requirements to assure compliance with applicable regulatory, audit, and contractual obligations, as well as sound business practices.
  • Review Business Unit certifications and submissions, identify variances, and support the development of remediation actions in coordination with BU leadership.
  • Support formal IT risk analysis and self‑assessment activities for systems, processes, and services, including global asset risk and obsolescence considerations.
  • Contribute to continuity governance and risk mitigation activities related to disaster recovery, backup and recovery practices, and system lifecycle management.
  • Support the development, implementation, and monitoring of compliance oversight activities related to ITAR/DFARS, PCI, data privacy regulations (e.g., GDPR, CCPA), and contractual, licensing, and usage requirements, where governance remains centralized.
  • Liaise with Internal Audit, Corporate Compliance, Legal, and Business Unit IT leadership to support IT governance, risk, and compliance initiatives and audit activities.
  • Monitor IT‑related regulatory, compliance, and legal trends and support the communication of relevant impacts and expectations across the organization.
  • Assist with training and awareness activities for IT staff and Business Units related to IT governance, risk management, and compliance expectations, as needed.

Benefits

  • Beyond an associate’s base compensation, we reward and reinforce wellbeing with a compelling package of both cash and non-cash benefits, including comprehensive health, wellness incentives, assistance with retirement savings, paid time off, paid holidays, and tuition reimbursement — as well as performance-based bonus programs for certain positions.
  • Crane prioritizes career development for our associates.
  • All associates receive an annual development plan that includes a mixture of on-the-job coaching and formal training experiences to support individual development needs.
  • We firmly believe in associate growth that supports career progression and we will proactively support your ongoing career development.