The GRC Specialist is responsible for assessing and documenting of the Bank's compliance and risk posture as they relate to IT's information assets. The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.
Principal Duties & Responsibilities:
- Expert at conducting gap analysis, communicate results, and use expert knowledge to implement frameworks and standards changes to NIST, SOX and GLBA controls.
- Proficient monitoring compliance with industry and government rules and regulations, interpret impact and develop or revise policies, standards, and processes to meet regulatory standards applicable to the business.
- Carries major assignments in conducting business operations and supports the technical implementation and maintenance of the IT GRC tool, leveraging industry knowledge and experience to ensure best practices are followed.
- Authority to negotiate with key stakeholders in the business to prioritize, identify, assess, aggregate and document risks and controls, including risks associated with new applications, services, regulations, and third-party operations using advanced knowledge.
- Delivers impactful presentation of findings to various levels of leadership and get buy-in.
- Implement processes to automate and continuously monitor information security controls, exceptions, risks, testing while developing metrics, dashboards, and evidence artifacts to communicate results of risk assessments to business process owners and various levels of leadership.
- Use knowledge and skills to influence remediation and prioritization of key risks while demonstrating holistic understanding and management of risks according to regulatory requirements and industry best practices.
- Provide expert advice to enhances processes, strategies, tools, and methodologies to measure, monitor, and report risks.
- Applies advanced knowledge to produce analytical material for discussions with cross functional teams to understand business objectives and influence solution strategies.
- Leverage experience and knowledge to serve as a key contributor in cross-functional teams to identify, assess, aggregate, and mitigate current and emerging risk events.
- Serves as a subject matter expert, provides expert advice and formulate and evaluate contingency plans in partnership with key business stakeholders.
- Create efficiencies in for audit engagements by establishing and maintaining a document request list (DRL) library.
- Guide and support the identification and resolution of risks via the Issue Management process and perform other duties as assigned.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.