Jobs · Legal · Missouri

Governance, Risk & Compliance (GRC) Analyst

Delta Dental of Missouri · St Louis, MO · 2 wk ago
LegalFull-time

Position Summary

In this role, you will play a critical part in ensuring our organization adheres to client and regulatory requirements while identifying and managing technology risks effectively. Work performed by this individual results in the measurable reduction of costs and/or risks relating to risk management and controls.

Responsibilities

  • Work with Legal, Privacy, and Compliance to monitor and assess client and regulatory requirement changes to ensure that the IT program fulfills client and regulatory obligations.
  • Collaborate with cross-functional teams to communicate, implement, and maintain IT compliance initiatives.
  • Assist leadership with development and maintenance of departmental policies and procedures.
  • Conduct internal and external risk assessments to identify potential threats and vulnerabilities.
  • Develop, maintain, and perform outbound assessments to vendors, suppliers, and partners.
  • Evaluate the impact and likelihood of identified risks.
  • Accurately respond to inbound assessments from clients and regulators.
  • Work closely with business units to develop and implement risk mitigation strategies.
  • Maintain the IT Risk Register.
  • Conduct audits to assess IT compliance with policies, standards, and regulations.
  • Coordinate user entitlement reviews and assist with ensuring data safeguards and controls are in place.
  • Develop and implement monitoring programs to track compliance and risk metrics.
  • Collaborate with internal and external auditors during scheduled audits.
  • Document audit procedures performed ensuring audit methodology is consistently followed and conclusions are appropriately reached.
  • Assist in the maintenance, governance, and execution of Threat and Vulnerability Management processes.
  • Assist in the scoping, solution, design, and implementation of operational security projects.
  • Maintain Subject Matter Expertise knowledge in relevant tools and services.
  • Generate and maintain regular reports for management review, including program level metrics and KPIs.

Education, Skills, Personal Attributes, And Experience Required

  • Bachelor's degree in information systems, computer science, or other relevant discipline strongly preferred.
  • 3+ years of experience working in a similar industry or within a consulting firm.
  • Experience reviewing and completing security questionnaires.
  • Experience reviewing compliance and security reports (SOC 2, PCI, ISO, etc.).
  • Prior practical experience in one or more of, application security, security threat, and vulnerability management, identify and access management, computer forensics, red-team examinations, and computer incident response strongly preferred.
  • Experience performing security and due diligence reviews of vendors.
  • In-depth knowledge in information security best practices and frameworks, such as NIST Special Publications and Cyber Security Framework, CIS Controls, ISO/IEC 27000/31000 series, and OWASP.
  • Knowledge of common cloud infrastructure platforms and applications (e.g., AWS, Azure, M365) is a plus.
  • Proficiency in tools like JIRA and Confluence preferred.
  • One or more of the following certifications is preferred: CISA, CRISC, CISSP, SSCP, Security+.
  • Proven subscription to the company’s core values of integrity, adaptability, service-focused, accountability, curiosity, and community.

Similar jobs