The Senior Analyst, IT GRC works within the Information Security Office to help with development and management of the GRC Program. In particular, this position is responsible for generating and coordinating responses to security questionnaires and vendor assessments performed by our external customers and regulators. The position will also support third party vendor assessments completed by the IT GRC team, as well as any internal or external audits and coordination of any requests for information resultant from those engagements.
DUTIES AND RESPONSIBILITIES
Support and manage the process for coordinating responses to customer and regulatory inquiries related to information security and IT, including questionnaires, requests for information, and similar.
Support and manage external IT-related attestation engagements, including SOX, SSAE18/SOC, HIPAA, PCI or similar; as well as others where required.
Develop and maintain strong business and technology relationships.
Liaise with other internal regulatory subject matter experts such as Legal, Privacy, Internal Audit, and others as needed to ensure alignment with regulatory requirements.
Complete vendor risk assessments for technology vendors, including scoring and reporting of risks.
Communicate effectively across multiple levels.
License/Certification/Education: Normally requires a B.S. Degree in Computer Science with 7+ years of experience.
At least 2-5 years in Information Security, IT Audit/Governance/Risk/Compliance, or similar role.
Understanding and experience with requirements in regulated IT environments.
Proven project management and organizational skills, specifically managing multiple, concurrent projects.
Experience and exposure to customer- and regulator-facing engagements, including audits and responses to questionnaires.
Demonstrated leadership skills with ability to communicate effectively and collaborate strongly within a virtual team.
Excellent conceptual and critical thinking skills and sound judgment, with strategic orientation and ability to perform tactically, as required.
Bachelor's degree in business/technology or related field strongly preferred.
Strong preference for candidates with certifications completed or in process for one of the following: CISSP, CISA, CISM, CRISC, CIPP, or comparable.
Schedule: Monday through Friday, 8:00-5:00