Apply now »

Governance, Risk & Compliance Analyst - Corporate

JOB SNAPSHOT: 
Employee Type:  Full-Time
Location: 

Chicago, IL, US, 60601

Job Type:  Information Technology
Secondary Location: 
Years of Experience: 

Position Summary:

The Governance, Risk and Compliance (GRC) Analyst will work with the Chief Information Security Officer and GRC manager on all of RSG’s IT governance, risk and compliance activities. Primary responsibilities will include third party vendor management, risk management, access reviews, policy management, assessment requests, and maintaining security compliance documentation across the security program as needed. This individual will also work with the various departments at RSG to evaluate the design and effectiveness of the control environment. 

Essential Functions:

  • Conduct third party vendor risk assessments, make recommendations and perform periodic reviews.
  • Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance.
  • Coordinate the development of best practice policies and standards based on various governance frameworks and ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.
  • Develop and manage an information security risk register aligned with NIST CSF to address risk issues and action plans from all sources, e.g., IT audit, technology risk assessments, vulnerability scans, penetration testing, etc.
  • Identify, analyze, respond to and monitor IT risk, and ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
  • Design and implement a Cyber and IT controls assessment and assurance process to ensure controls function effectively and efficiently.
  • Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards.
  • Develop and implement relevant cyber and IT risk metrics and reporting to management and risk committees.
  • Assist with the implementation of a GRC software platform for policy administration, compliance and risk management.
  • Coordinate information security internal audit, external audit, regulatory and SOX reviews from an information security and technology risk perspective.
  • Provide responses to partner security related questionnaires.
  • Coordinate with legal and compliance functions to ensure proper implementation of data privacy legislation and disclosure. 

Education/Experience/Skills:

  • Minimum of 3 years of relevant experience in the GRC space, preferably in financial services.
  • CISSP, CISM, CISA, or related security certification preferred.
  • Strong background in information technology with a clear understanding of the challenges of information security.
  • Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
  • Direct experience with regulatory compliance reviews and examinations.
  • Experience working with GRC tools. Experience with tools for third party risk management is a plus. 
  • Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.
  • Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
  • Excellent leadership and teamwork skills.
  • Ability to influence others.
  • Team player with the ability to work independently.
  • Resourceful, energetic, self-starter, flexible, goal-oriented
  • Coding/scripting experience in one or more general purpose languages.

Disclaimer

Ryan Specialty Group is an Equal Opportunity Employer


Nearest Major Market: Chicago

Apply now »