Senior GRC Analyst
About the role
The Sr. Analyst, Governance, Risk, and Compliance (GRC) plays an important role in the GRC delivery framework, ensuring Black & Veatch’s compliance with contractual and regulatory requirements, assessing control design and operation against common standards and frameworks, and assisting with third-party/supply chain risk management.
Responsibilities
- Proven experience reviewing client contract provisions related to data security, breach reporting, cyber resilience, and compliance certifications and measuring compliance in IT and security architecture and operations.
- Support independent certification and audit by working with D&IT peer groups and lines of business to collect documentation and evidence of security policies and operations.
- Request and review documentation and evidence from control owners to certify and validate compliance to standards and industry-accepted best practice.
- Monitor regulatory and legal landscape at a global scale and across market sectors and maintain awareness of compliance requirements.
- Act as an informed voice in development of policy and ensure alignment with regulatory, legal, and contractual requirements.
- Contribute process and subject matter expertise in governance forums and cross-functional committees.
- Collaborate with peer D&IT groups to collect KPI’s, KRI’s and drive efficiency through automation and other means.
- Contribute subject matter expertise through third party risk assessment process.
- Identify and communicate risk of vendor engagements and mitigation actions to business owners and D&IT stakeholders.
- Assist review of client security requirements in contracts and aggregate relevant clauses to inform contractual risk.
- Assist development of user training aligned with cyber threat landscape, establish and implement metrics, and propose enhancements.
Qualifications
- Bachelor’s degree in information systems, Information Security, or a related field.
- 7–10 years of experience in GRC executing or auditing against standards, frameworks, and industry regulations.
- Strong analytical, organizational, and communication skills.
- Professional certifications such as CRISC, CISSP or others.
- Experience with ServiceNow Risk Management platform.
- Knowledge of FAR, DFARS, CMMC.
- Experience with GRC platforms and risk management methodologies.
- Ability to work independently and collaboratively as required.
- Demonstrated experience supporting GRC functions for global companies.
- Solid proficiency in risk assessment methodologies and frameworks.
- Prominent collaboration with IT teams.
- Familiarity with industry standards and frameworks (e.g., NIST CSF and supporting SP’s, ISO 27001, AICPA SOC).
- Strong desire to create task and functional efficiencies through use of technology and tools, especially GenAI.
Preferred Qualifications
- Strong analytical, organizational, and communication skills.
- Professional certifications such as CRISC, CISSP or others.
- Experience with ServiceNow Risk Management platform.
- Knowledge of FAR, DFARS, CMMC.
- Experience with GRC platforms and risk management methodologies.
- Ability to work independently and collaboratively as required.
- Demonstrated experience supporting GRC functions for global companies.
- Solid proficiency in risk assessment methodologies and frameworks.
- Prominent collaboration with IT teams.
- Familiarity with industry standards and frameworks (e.g., NIST CSF and supporting SP’s, ISO 27001, AICPA SOC).
- Strong desire to create task and functional efficiencies through use of technology and tools, especially GenAI.
Benefits
Black & Veatch offers a comprehensive benefits portfolio including medical, dental, and vision insurances, disability, and a robust wellness program. Additional benefits include flexible work schedules, paid vacation and holiday time, sick time, and dependent sick time. Professionals may also be eligible for a performance-based bonus program. The company is committed to being an employer of choice and provides innovative and effective solutions for clients.