The Junior IT Governance, Risk, and Compliance (GRC) updates and maintains control matrices and provides recommendations for management’s consideration. This position takes a lead role in ensuring compliance with company internal controls, regulatory, ITGC and information security policies and procedures. The incumbent works with SaaS owners, legal and regulatory team, CorpIT team, Security Engineering team, external audit firms, and regulatory agencies to provide supportive documentation as applicable.
Responsibilities:
Attend to audit compliance gaps, continuously monitor controls and co-own as necessary key SaaS
Check alignment of ITGC policies with key SaaS and attend to any control deficiencies
Collaborate with different SaaS owners and perform periodic compliance assessments of key SaaS
Collaborate effectively with various departments across the organization, including business units, Corp IT, Security Engg, Legal, and Finance.
Perform internal audits and assessments to evaluate the effectiveness of controls, identify opportunities for remediation and ensure internal audit results are re-usable for any external audits
Proficiency in conducting third-party risk assessments, encompassing vendor collaboration, identification of issues, and formulation of actionable recommendations.
Own and manage communication, updates, submissions and remediation for all external audits
Propose, defend and implement GRC tools and systems to support risk management activities and facilitate automated compliance monitoring
Development and implementation of GRC process, standards, reporting metrics, dashboards and evidence artifacts to ensure compliance with regulatory requirements and industry best practices.
Development and delivery of training programs to raise awareness and promote a culture of governance, risk management and compliance within the organization
Stay informed about emerging trends and developments in GRC practices, regulations, and technology solutions to contribute to continuous improvement initiatives