
Senior, Governance Risk & Compliance Analyst (Virtual, US)

Work from home Full-time role Hiring

The Senior IT Governance Risk and Compliance Analyst (ITGRCA) oversees the Information Security risk management program, third-party risk assessments, and the risk council for capital and expense projects. This role is also responsible for leading a variety of annual/quarterly/monthly/bi-weekly/weekly procedures, controls and meetings. It also manages the interface between IT management and both internal and external auditors for the Service Organization Control (SOC 2 & 3) and other compliance initiatives such as Sarbanes-Oxley (SOX), including providing requested audit inputs. This role reports to the Global Chief Information Security Officer.

  • The Analyst manages the security risk assessments for capital projects and service providers. This involves identifying the risks presented by technological and process changes. This may include the review of architecture design, supporting processes/ procedures, etc. to ensure the proper controls are in place and risks are appropriately mitigated.
  • Manage the Identity Management Program to ensure proper authorized access is maintained in critical applications.
  • Enterprise Risk Management: Manage the process for gathering enterprise risks (strategic, operational, financial and legal/regulatory). Lead the initiative to analyze residual risk and benchmark against other risks across the Company. Compile feedback and lead the presentation for the ERM Committee, made up of key members of Executive Management.
  • Maintain a risk register and support continuous improvement of IT risk management processes.
  • Assist with the Disaster Recovery and Business Continuity Plan testing annually.
  • IT Regulatory Examinations and Internal Audits: Support IT audits to ensure their success. Assist IT managers and associates in writing up reports, effective controls and action plans for any deficiencies.
  • IT Risk Consulting: Works with management and associates to assess risks associated with technology solutions and ensures appropriate remediation strategies are employed. Consults with managers and associates to identify and assess current and emerging risks and strategic initiatives.
  • Visit and perform an annual review of the security of the main data center. Review access to the data centers and computer rooms monthly for reasonableness. Ensure that the physical security of all data centers, computer rooms and offices is sufficient and that rules are communicated to appropriate personnel.
  • IT Risk Metrics and Reporting: Leads the development of risk metric and reporting frameworks for Information Security. Delivers these metrics and reports on a weekly, monthly and quarterly basis.
  • Review 3rd Party SOC 1 Reports and analyze the competency of their controls.
  • Gather relevant business, regulatory, process, and system information; validate/update process flows, risks, and controls; prepares accurate, complete, clear, and timely analysis and documentation that reflects an ability to identify risks and independently assess the adequacy and effectiveness of IT internal controls and their compliance with applicable laws, regulations, policies, and procedures.
  • Monitor vulnerabilities, communicate them to owners, and hold owners accountable for remediation; follow up.
  • Draft and distribute security alerts across the organization
  • Coordinate Security Awareness Training initiatives.
  • Maintain and prioritize a list of action items for the Information and Cybersecurity Departments
  • Define action plans and timelines with process owners and manage them to completion/implementation
  • Manage testing request lists from internal and external auditors, providing the interface between IT management and the auditors.
  • Create, update and administer IT policies, standards and procedures. Ensure all IT policies, standards and procedures meet the guidelines established for each; ensures they are properly housed, refreshed, inventoried and approved.
  • Draft Information Security deliverables to both internal and external partners on a variety of security and privacy topics.
  • Schedule, compile presentations for and lead regularly held (quarterly, monthly, bi-weekly and weekly) meetings to update leadership, hold others accountable, bridge communications between departments and follow best practices.
  • Information Security Incident Management: Ability to investigate, document and report on security incidents from identity theft to technology level incidents.

At Sirva, we are committed to fair and transparent compensation practices. In accordance with applicable provincial and federal laws, we provide the following salary information for this position:

  • Position Title: Senior, Governance Risk & Compliance Analyst
  • Salary Range: $128,554-$161,000 CAD
  • Benefits: Comprehensive benefits package that includes choice of two Medical plans and two dental plans; Retirement plan, RRSP employer match (after 1 year), Life & Disability Insurance, and more. Benefits are based on employment status a
