Explore More
Senior Analyst, IT GRC -- Risk Management
Apply Now
Location Durham, North Carolina
Job ID 19-87239
The Senior Analyst, Risk Management - IT Governance, Risk, and Compliance (GRC) works within the Information Security Office to help with development and management of the GRC Program. In particular, this position is responsible for supporting the IT Risk Management function through completion of risk assessments on internal processes and third parties, and identification and maintenance of risks as they go through the Risk Management lifecycle.
DUTIES AND RESPONSIBILITIES
- Conduct formal risk analysis and assessments, generate reports on assessment findings and summarize them to facilitate remediation tasks for other IT operational teams.
- Provide guidance to IT teams on remediation plans and exception requests.
- Develop and maintain strong business and technology relationships both internally and with third parties and strategic partners.
- Communicate effectively across multiple levels of management.
- Identify initiatives with risk areas that need specialized security expertise.
- Additional responsibilities as assigned.
Requirements
License/Certification/Education: Normally requires a B.S. Degree in Computer Science w/7+ years of experience.
JOB QUALIFICATIONS:
3-5 years in Information Security, IT Audit/Governance/Risk/Compliance, or similar role.
Strong knowledge of information security governance, risk, and compliance programs.
Strong understanding and experience with requirements in regulated IT environments.
Proven project management and organizational skills, specifically managing multiple, concurrent projects.
Strong analytical background and technical skills with the ability to apply regulatory requirements to IT operational and technical controls.
Demonstrated leadership skills with ability to communicate effectively and collaborate strongly within a virtual team.
Excellent conceptual and critical thinking skills and sound judgment, with strategic
orientation and ability to perform tactically, as required.
Experience and understanding of the functionality of GRC tools such as Archer is a plus.
Bachelors in business/technology or related field required; graduate degree preferred.
Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, CRISC,
GCIH, CIPP
REQUIRED SKILLS:
Bachelor's degree in business/technology or related field strongly preferred.
5+ years of experience in IT Security, IT Risk Management, Compliance, or related field
Knowledge and experience in Information Security Risk Management
Knowledge of information security governance, risk, and compliance programs.
Proven project management and organizational skills, specifically managing multiple, concurrent projects.
Ability to communicate effectively and collaborate strongly within a virtual team.
Excellent conceptual and critical thinking skills and sound judgment, with strategic
orientation and ability to perform tactically, as required.
Strong preference for candidates with certifications completed or in process for one of the following: CISSP, CISA, CISM, CRISC, CIPP, or comparable.
Shift
1Schedule
8:00 a.m. to 5:00 p.m., Monday through Friday