Member of Risk Team (GRC Senior Analyst)
Anchorage Digital
Technical Skills:
- Has complete conceptual knowledge and a full understanding of the principles and practices of the GRC Framework, along with a working knowledge of it.
- Has experience administering GRC Platforms, including setting up workflows, requirements and access within the tool.
- Applies experience and analytical skills to “connect the dots” between the company’s business and products to the IT environment in order to evaluate whether IT compliance obligations are being met.
- Has working experience in SOC reviews, IT controls, audit processes, information security, policy governance and management.
- Applies critical thinking in creating risk and controls descriptions to be both concise and accurate by working with key stakeholders across the organization business.
- Resolves a wide range of issues in creative ways working directly with control owners to ensure regulatory requirements are being met, including managing and tracking findings (from risk assessments, audits, etc.) from identification to remediation.
- Has experience working with SaaS software engineering teams and a strong understanding of Cloud Security technologies.
Complexity and Impact of Work:
- Responsible for supporting the entire life-cycle of the company’s GRC Framework, from identifying risks and mapping them to regulatory requirements through planning, control owner coaching/prep, evidence requests, walk-throughs, follow ups, and reporting.
- Can work autonomously, defines priorities under broad direction, and applies problem solving skills to translate regulations and compliance obligations into technical controls, and vice-versa.
- Drives work independently and significantly contributes to medium-to-large cross-functional projects with little oversight, coordinating the activities of other project team members.
- Contributes to regulatory exam preparations.
- Consistently demonstrates on-time delivery and high quality work product. Where a deadline or commitment is at risk, escalates to manager to help manage priorities, if appropriate, and alerts affected stakeholders so there are "no surprises."
Organizational Knowledge:
- Is aware of Anchorage's strategy and considers it not only when working cross-functionally with security, product, design, engineering, legal, TPRM, people, and external auditors but also when understanding how each area is impacted by compliance.
- Influences the IT Risk roadmap and initiatives.
- Understands how the company’s priorities relate to their own area of work, and clearly communicates the ‘why’ behind the work.
Communication and Influence:
- Promotes a positive working environment through proper listening, speaking and empathy with team members.
- Embodies and is a role model of our culture pillars.
- Communicates proactively, takes ownership in assigned work/projects, and is comfortable asking questions when something is unclear or to further knowledge in a specific area.
- Contributes to cross-functional projects, collaborates with their team and adjacent teams working directly with subject matter experts and doing meaningful translation of compliance requirements into actionable processes.
- Enhances relationships and networks with senior internal and external stakeholders within their own area of expertise.
- Consistently expresses clear, thoughtful, analytical and solutions-oriented communications, whether in high-impact slides/decks, written communications in Slack or email, or verbal communications.
You may be a fit for this role if you have:
- 5-10 years of experience in implementing and assisting in the management of GRC Programs in a highly-regulated environment, including proficiency in IT Risk Assessments and Technology Audits.
- Proven experience in managing risk assessments and audit/testing engagements from planning to reporting with minimal supervision.
- Proficiency in implementing and administering GRC Platforms, including setting up workflows, requirements and managing access within the tool.
- Experience working with SaaS software engineering teams and a strong understanding of Cloud Security technologies.
- Certification in one or more of the following audit or security focus areas: CISA, CISSP, CCSP, CISM, etc.
Although not a requirement, bonus points if:
- You have strong data analysis skills and are capable of interpreting complex data sets to drive business results.
- You have experience in an Issue Management framework, including drafting issue language and remediation plans and validating the remediation.
- You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system. :)