Senior, Technology GRC Analyst

About the position The Senior Technology GRC Analyst helps the organization understand and manage technology and information security risks before they become larger issues. This role provides independent oversight of technology and cybersecurity risks, evaluates the effectiveness of controls, and helps leaders make informed decisions about risk. The position supports regulatory compliance, organizational preparedness, and the protection of organizational assets by identifying gaps, emerging risks, and opportunities to strengthen the overall control environment.

Responsibilities

• Conduct complex risk assessments of existing and proposed technology assets, services, and operations to identify vulnerabilities, threats, control gaps, and emerging risks; provide recommendations to support risk informed decision making
• Prepare clear, actionable risk reports and dashboards for leadership, highlighting key findings, trends, and remediation progress
• Review, test, and validate the effectiveness of controls against established frameworks, regulatory requirements, and organizational standards; identify control gaps and provide recommendations to strengthen the control environment
• Monitor and report compliance with applicable technology, cybersecurity, privacy, and regulatory requirements; identify potential concerns and validate corrective actions implemented to address identified issues
• Advise stakeholders on the development and ongoing improvement of security standards and procedures to strengthen the organization's control environment and address emerging risks
• Provide independent review and challenge of technology and information security risks, control effectiveness, remediation plans, and risk acceptance decisions; consult with stakeholders on risk mitigation strategies and control considerations
• Participate in post incident response and post reviews to assess response effectiveness, identify control or process weaknesses, and provide recommendations to strengthen business continuity and disaster recovery preparedness
• Assess technology and information security risks associated with third party relationships and provide recommendations to support vendor risk management activities
• Coordinate findings and remediation activities related to internal and external audits, examinations, and assessments; validate corrective actions and identify recurring risk themes or control weaknesses

Requirements

• High school diploma or equivalent
• 3+ years of financial industry experience such as Technology, Fraud, Operations, or Risk and Compliance or relevant transferable experience

Nice-to-haves

• 5+ years of financial industry experience such as Technology, Fraud, Operations, or Risk and Compliance or relevant transferable experience
• Certified in Risk and Information Systems Control (CRISC)
• Skilled in assessing technology and information security risks, identifying control gaps, and evaluating potential business impacts
• Skilled in interpreting and applying technology, cybersecurity, privacy, and regulatory requirements within a risk management framework
• Skilled in analyzing complex information, identifying trends and root causes, and developing practical risk based recommendations
• Skilled in evaluating the design and effectiveness of controls and assessing alignment with organizational standards and industry frameworks
• Skilled in communicating complex technical and risk related concepts to diverse audiences through reports, presentations, and stakeholder discussions, utilizing a framework such as NCUA, FFIEC, GLBA, PCI-DSS, etc.
• Skilled in building collaborative relationships and providing independent guidance, challenge, and consultation across functions
• Ability to exercise sound judgment, prioritize competing risks, and make recommendations in situations involving ambiguity or incomplete information
• Ability to coordinate multiple assessments, audits, remediation activities, and stakeholder groups while maintaining attention to detail