Della Infotech
Senior IT Governance, Risk and Compliance Analyst
Della Infotech, Harrisburg, Pennsylvania, us, 17124
Description:
Job Responsibilities: As the Senior IT Governance, Risk and Compliance Analyst, you will be primarily responsible for supporting the delivery of a successful governance, risk, and compliance (GRC) program at the American Red Cross. You will design, implement, and monitor a comprehensive IT policy and control framework, supporting mission-critical business systems and processes. This framework will meet minimum requirements including NIST 800-53, NIST 800-171, and best practices in IT governance, security, risk, and compliance. Working closely with key stakeholders and cross-functional colleagues, you will advise on the design and execute assessments to identify areas of improvement. You will also work with IT and business leadership to remediate any gaps as a first line of defense.
The primary focus of this position will be to mature American Red Cross' GRC program through process improvement, policy, automation, training and awareness, and continuous evolution of capabilities. This role provides a unique opportunity to combine IT, audit, and process improvement skill sets and to work with leaders across IT, Information Security, Internal Audit, Finance, and Office of General Counsel (OGC).
What you'll be doing:
Overall Governance, Risk, and Compliance
• As a Senior IT Governance, Risk and Compliance Analyst, you will be the subject matter expert and liaison between IT GRC and the lines of business as it pertains to third-party risk management screening, issues and vulnerability management, and cross-functional security and privacy control assurance
• Assist the Director, IT Governance, Risk, and Compliance and the Senior Director, IT Governance, Risk and Compliance with IT governance and controls, internal and external audit readiness and support, and policy and standard development
• Responsible for daily governance, risk, control, and compliance functions
• Participate in and contribute to the IT Governance, Risk and Compliance program, ensuring IT controls, policies, processes, and procedures support the mission of the Red Cross and meet state and federal regulations and laws, as well as best practices
• Collaborate with and influence technology and business leaders and staff to create, sustain, and strengthen the internal control framework for the organization through control identification, design, implementation, and testing
• Provide the guidance, training, and motivation necessary to create control awareness, ownership, and accountability among stakeholders
• Consult with Information Security, Office of General Counsel/Legal, Supply Management, Risk Management, Audit Services, and other appropriate parties, sharing expertise and knowledge to strengthen the control environment
• Interpret regulatory compliance requirements and assist with gap analysis of current policies, procedures, and practices as they relate to established guidelines outlined by NIST 800-53/171/30 and other regulatory standards
• Provide guidance, interpretation, and support of SOC 1 and SOC 2 Security Trust criteria
• Research regulations by reviewing regulatory bulletins and other sources of information to maintain quality service by establishing and enforcing organization standards
• Support the maintenance of program processes and procedures (e.g., SharePoint tools)
• Stay current on technologies, technology trends and directions, and best practices. Evaluate potential technologies for use within the enterprise.
Control Assessment Process
• As a subject matter expert (SME), participate in ongoing evaluations and validation of IT control effectiveness and internal business processes via the IT Governance and Controls Checklist and other tools, as they relate to compliance activities within areas of responsibility
• Review control documentation to assess the quality and effectiveness of the implemented controls
• Identify and communicate opportunities to enhance technical controls, which contributes to sustaining a robust control environment
• Document, track, and report on control gap findings, risks, impacts, and recommendations to management
• Participate in the establishment of actionable metrics to drive the control assessment process and influence the behaviors of IT Leadership
• Manage the Exception and Risk Acceptance Process as it relates to control gaps and audit findings
Audit Support
• Work with internal and external auditors, business stakeholders, and suppliers as appropriate on required IT control assessments and audits
• Provide first-level support and consulting to the business and IT on internal audit activities and results, as well as risk mitigation initiatives in response to audit findings
• Manage the overall remediation process and create and oversee action plans to remediate issues
Policy, Standard, and Procedures
• Support and assist with coordination and implementation of Information Technology policies and standards to sustain regulatory and compliance initiatives as required by business needs
• Work and consult with the President's Office during policy review and communication
• Analyze policies, standards, procedures, and guidelines against regulatory and compliance requirements, recommend solutions for identified weaknesses to improve compliance operations, and recommend and assist in changes to best practices
Scope
Individual contributor who is fully proficient in applying subject matter knowledge. Knowledge base acquired from several years of experience in a particular area. Works independently and may instruct or coach other professionals.
Qualifications:
Education:
• Bachelor's degree in a related field (IT, audit, and/or information security) or a closely related discipline required
• Five (5) years of professional experience in IT external audit, IT internal audit, IT compliance, Information Security, or a related field
Experience:
• Working knowledge of control frameworks, IT general controls, and security controls such as NIST, ISO, COBIT, FedRAMP, SOC 2, and ISO 27001
• Highly motivated and proactive, with strong organizational, communication, and project management skills
• Experience drafting, remediating, or editing IT policies, standards, procedures, and controls
• Experience working cross-functionally with engineers, product and security teams, and business leaders at all levels of the organization
• Experience coordinating with internal and/or external audit teams
Skills & Abilities:
• Ability to understand key controls and communicate them in a digestible way to IT technologists, control owners, and senior leaders
• Strong written and oral communication skills, with use of appropriate tools (MS Excel, GRC software, etc.)
• Solid analytical and problem-solving skills in process review and issue remediation
• Open-mindedness, creative thinking, and willingness to take calculated risks and make informed decisions
• Certifications such as CISA, CISSP, CISM, and CRISC are a plus
• A sense of unparalleled passion, energy, and eagerness to contribute to and support the mission of the Red Cross
DISCLAIMER: The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this position. They are not intended to be construed as an exhaustive list of responsibilities, duties and skills required of personnel so classified.
Additional Details
Preferred Pay Rate Range: 45 - 55
FLSA Exemption Status: Exempt
Will the worker be handling cash?: No
Will the worker be driving a vehicle?: No
What type of vehicle will the worker be driving?: (No Value)
What will the worker be transporting?: (No Value)
Provide details regarding what the worker will be transporting: (No Value)
Does this job require the worker to be fully vaccinated against COVID-19?: No
Work Hours: 1st Shift
Select the time zone of the work hours.: EST
Go To Work: No
Provide specific details regarding work schedule or hours.: 8:30 to 5:30
Is this position fully remote?: Yes
Skill Category: Professional
If there is a special recruitment reason, please select the reason. If not, please leave as No: No
Alternative Job Title if different than Job Posting Template Title: N/A
Do you have a pre-identified candidate for this position?: No
If yes, what is their name?: (No Value)