Jobs · Information Technology · Pennsylvania

Global Cybersecurity Senior GRC Analyst

UGI Utilities, Inc. · Lancaster County, PA · 3 wk ago
Information TechnologyFull-time

Job Summary

The Global Cybersecurity Senior GRC Analyst plays a critical role in ensuring the organization operates within its regulatory, legal, and compliance obligations while managing risk effectively. The role reports directly to the Global Cybersecurity Governance, Risk and Compliance Manager. Key responsibilities include developing and maintaining corporate policies, conducting gap assessments, managing risk registers, performing third-party risk assessments, ensuring compliance with regulatory requirements, and collaborating with various business units.

Key Responsibilities

  • Governance
    • Develop and maintain corporate policies, procedures, and frameworks aligned with industry best practices.
    • Affirm compliance with IT functions through assessments and tracking key risk indicators and security metrics.
  • Risk Management
    • Assist with conducting gap assessments to identify threats, vulnerabilities, and potential impacts on the organization.
    • Develop and maintain the risk register, ensuring risks are documented, prioritized, and mitigated.
    • Perform third-party/vendor risk assessments, document risk acceptance decisions, and develop templates for consistent risk documentation.
    • Assist in evaluating cybersecurity risk on incoming projects and assist in cybersecurity due diligence on merger/acquisition targets.
  • Compliance
    • Ensure compliance with regulatory requirements and industry standards through monitoring and reporting metrics, security exceptions, and using other methods to monitor compliance.
    • Drive compliance by maintaining the compliance framework to ensure policies and standards align with regulatory requirements, laws, and best practices.
  • Stakeholder Engagement
    • Collaborate with business units to understand critical processes.
    • Educate stakeholders on risk management concepts and frameworks.
    • Partner with technical teams to validate remediation plans.
    • Present risk findings to appropriate governance committees.
    • Coordinate and collaborate with stakeholders to establish and track metrics for governance programs.
    • Maintain awareness of regulatory and industry developments to ensure compliance with changes.
    • Coordinate and collaborate with stakeholders to track outcomes and metrics for all third-party breaches.
    • Advise stakeholders on compliance requirements and incorporate new metrics into governance life cycle process, including new tools as they are onboarded.
    • Coordinate the review of Policies and Standards through collaborating with stakeholders.
  • Collaboration and Reporting
    • Partner with IT, Legal, HR, and other departments to ensure alignment on risk and compliance efforts.
    • Create and deliver regular risk and compliance metrics for senior leadership and boards.
    • Serve as a subject matter expert (SME) for GRC-related queries and initiatives.

Qualifications

  • Education and Experience:
    • Bachelor’s degree in Information Security, Risk Management, Computer Science, or related field, preferred.
    • At least 4 years of experience in GRC, risk management, or compliance roles.
  • Skills and Competencies:
    • Strong understanding of GRC tools and platforms (e.g., RSA Archer, ServiceNow GRC).
    • Familiarity with risk management frameworks (e.g., COBIT, FAIR) and compliance standards.
    • Exceptional analytical, problem-solving, and organizational skills.
    • Strong written and verbal communication skills, with the ability to interact effectively with stakeholders at all levels.
    • Certifications such as CRISC, CISM, CISA or CISSP highly preferred.
  • Key Attributes:
    • Attention to detail and ability to manage multiple priorities.
    • Proactive mindset with a focus on continuous improvement.
    • Collaborative team player who can influence without authority.

Company Information

UGI Utilities, Inc. is an Equal Opportunity Employer. The Company does not discriminate on the basis of race, color, sex, national origin, disability, age, gender identity, sexual orientation, veteran status, or any other legally protected class in its practices.

Successful applicants shall be required to pass a pre-employment drug screen as a condition of employment, and if hired, shall be subject to substance abuse testing in accordance with UGI policies.

As a federal contractor that engages in safety-sensitive work, UGI cannot permit employees in certain positions to use medical marijuana, even if prescribed by an authorized physician. Similarly, applicants for such positions who are actively using medical marijuana may be denied hire on that basis.

Similar jobs

Cybersecurity GRC Analyst

Western National InsuranceEdina, MN· 1 wk ago
Information Technology$66k–$114k/yrapply on recruiting.paylocity.com

Cyber GRC Analyst

News CorpAustin, TX· 2 wk ago
Engineeringapply on dowjones.wd1.myworkdayjobs.com

Senior GRC Analyst

LaddersUnited States· 6 days ago
RemoteBusiness Development$100k–$130k/yrapply on theladders.com