Senior Governance Risk And Compliance Analyst Jobs

5+ years of relevant experience, preferably within the banking or payments industry, in AML Compliance and Risk Management;

Synthesize bank and regulatory requirements into global AFC compliance policies and procedures and support their effective implementation throughout the company

Ability to work independently in a remote environment; and

High EQ and excellent written and oral communication skills.

Excellent written and oral communication skills

Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave

Review and communicate engagement results, findings and recommendations to account partner, client management and key stakeholders.

Strong report writing and presentation skills, an analytical mind, and problem-solving abilities

Strong Understanding of GRC processes (Risk Assessment, Controls, Regulatory Change Management and policy and procedures management.

Preparing business requirements document, process flows, process, and control documentation in form of Risk Control Matrices (RCM), SOPs, narratives, etc

Graduate degree in Accounting & Finance required

Experience on working on different GRC tools.

Knowledge of U.S. Federal Government security compliance, risk management processes and requirements, including NIST RMF and NIST 800-53 Rev 5 controls

Strong stakeholder and relationship management skills

Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy

Have a working knowledge of the NIST CSF and RMF frameworks

Bachelor's degree with a minimum of 8 years of experience

Experience managing Agile projects with a focus on duties related to Product Owner

At least 3 to 5 years of IT Audit, SOX, or IT Security risk assessment experience

Solid knowledge of risk and security frameworks like NIST, ISO, and COSO

Experience working in a governance environment leveraging a risk and controls mindset.

1-3 years’ experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business

Key industry certifications such as CISA, CISM, CISSP, etc.

Experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business.

Bachelor's degree in finance, economics, risk management, or a related field. Relevant professional certifications (e.g., FRM, CFA) are a plus.

0-3 years’ work experience in risk management, regulatory compliance, or related fields, with a focus on model risk governance and compliance.

Assist in implementation of a comprehensive model risk governance framework, including model inventory, issue management, model attestation, vendor surveys, annual review;

Responsible for model validation issues management and follow up.

Solid understanding of risk management concepts and financial regulatory environment.

Assist in periodical GRC model surveys (especially performance monitoring processes) and vendor surveys, GRC platform experience preferred (e.g. RiskConnect).

Utilize ServiceNow to manage TS audits and policies

Education: Bachelor's Degree in Computer Science, Information Systems, Business Administration, Mathematics or a related field

Collaborate with the CCD Auditors Office throughout audit engagements

Assist in the collection/creation of audit deliverables

Work with TS stakeholders and advise on implementation of internal controls and safeguards in response to audit findings

Utilize ServiceNow to approve third party file share permission requests

Implements and manages governance technology platforms including Archer Integrated Risk Management Platform and ACES Quality Management Software.

Expectation of both remote work along with in office days.

Oversees system integration and enhancement projects, including requirements gathering, adequate scoping, resource allocation, roadmap development, and timely project completion.

Manage technology upgrades, maintenance, and issue resolution as needed in close collaboration with IT team and GRC third-party provider.

Provides input and actively implements strategic plan for the team, manages and maintains team procedures, development documentation, and record retention.

3+ years RSA Archer experience in building Advanced Workflow, Access Control, UI design, Reporting, Dashboards, iViews and DDEs

Knowledge of Information Security Risk Management, risk mitigation, RTP.

Project Management skills Skills in preparing documentation, and delivering professional presentations.

GRC tool knowledge or certification is a highly desirable.

Certification in ISMS (ISO 27001) is desired.

ISACA Certification like CISA is desired.

Fundamental knowledge of the system development lifecycle and system development methodologies.

Demonstrated experience with common compliance frameworks (SOX, GDPR, CCPA, PCI, ISO27000, NIST Cybersecurity Framework, NIST SP800-53)

Strong written and spoken communication skills when responding to external requests

Are passionate about our clients and live/breathe the client experience.

Understanding of common vendor risks and common vendor attestations (SSAE16, SOC2, SIG-Full/Lite)

Demonstrated ability to drive multiple workstreams in parallel within GRC

YOU’RE EXCITED ABOUT THIS OPPORTUNITY BECAUSE...

Experience working with the Federal Risk and Authorization Management Program (FedRAMP)

Experience with conducting audits, privacy, BC & DR Program Management

2+ years of experience in responding to security assessments, SAQs, compliance requirements, etc

Collaborate with Sales, Engineering, Information Security, IT, and Product Development teams to communicate compliance obligations and requirements

Educate stakeholders on their responsibilities

Assisting in the development and execution of the internal compliance program, involving preparation for audits, certifications, and risk assessments.

Lead the supplier risk management process to identify and mitigate the risk of third-party relationships.

Compliance for regulatory requirements such as SOC2, FedRAMP, NIST 800-171, CMMC, and new regulatory initiatives applicable to the business.

Documentation review, drafting of policy, procedures and standards, certification and accreditation documents.

Manage various projects, including effective project tracking, issue handling, and follow up.

You're collaborative, building relationships, humbly offering support and openly welcoming approaches.

Location: Fully Remote, with the opportunity to work from anywhere in the United States.

Promote the awareness of risk management, internal control, and compliance via training, promotion, and eLearning

Oversee the stipulation and management of TSMC AZ’s policy, procedure, and control instruction

GRC (Governance, Risk management, and Control/Compliance) Manager

Perform testing to substantiate results.

Facilitate the risk assessment and annual Control Self-Assessment (CSA) for TSMC AZ

Represents the Compliance team on projects and ensures compliance when changes are made to current systems

Bachelor’s degree in related field (IT or Cybersecurity) or equivalent combination of experience and education/certification

Minimum of 2 years of experience in developing and operationalizing crisis management plans, including business impact assessments and risk management

Minimum of 2 years of experience in successfully managing complex global cybersecurity programs/project

Minimum of 2 years of experience with driving risk reduction through vulnerability remediation

Understanding of security compliance requirements (ISO27001, SOC 2, FedRAMP, NIST 800-171

Scripting knowledge using Python is strongly desired

Proven experience in a compliance and risk management leadership role, preferably within the healthcare sector.

Excellent leadership and team management skills.

Implement appropriate training programs for compliance and risk management.

Provide reports and key risk indicator updates to the CISO and executive management team.

Report back to business functions on current risk and compliance performance; participate in management and board meetings.

Oversee and manage the development and implementation of GRC standards and processes.

Communicating with technical and non-technical stakeholders and leaders on cybersecurity risk and controls management topics and program-specific reporting

Staying up-to-date on current cybersecurity threats, vulnerabilities, trends, and best practices to proactively evolve the cybersecurity risk and controls program

Excellent verbal communication skills with the ability to translate complex technical concepts into business language

CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications

Collaborating with cross-functional teams to identify risks while evaluating the design and operational effectiveness of controls to report opportunities for improvement

Collaborating with security, privacy, and legal counterparts to develop, review, and amend global cybersecurity policies and standards

2+ years of relevant experience in SOX Compliance, Internal Auditing, Information Technology, or risk management,

Experience with IT service management processes (change, incident, or problem management)

Experience with identity and access management processes

Performs management testing of Information Technology General Controls (ITGC).

Manages and executes quarterly User Access Review (UAR) process across all divisions and SOX-compliant applications.

Bachelor's degree (preferred) in Information Systems, Computer Science, Accounting, Business Administration, or equivalent experience

Strong written, verbal, and interpersonal skills, including ability to communicate effectively with senior level management.

Establish a common framework to govern the issues management process.

Develop and conduct trainings to business unit on risk management topics and processes.

Advanced analytical and highly developed critical thinking skills.

Excellent oral and written communication skills, both in English and Spanish.

Every employee must meet the necessary requirements stated in the job guide.

Strong knowledge of and experience in all facets of integrated security governance, risk, and compliance management

8+ years of relevant industry experience

Current Security CISSP, CRISC, CISM or equivalent certification completed or currently in progress

Experience in running long-term, complex security programs that deliver iterative improvements and risk reduction

Strong communication, interpersonal and leadership skills to work with both engineering and other non-technical stakeholders

Bachelor's degree in Computer Science, a related field, or equivalent practical experience

Typically eight plus years’ security and / or cyber risk management experience in a mid- to large-enterprise environment

Work collaboratively with department and organizational leadership to define and manage Third Party Risk Management best practices

Forge partnerships with internal stakeholders through the delivery of "Value" risk management and advisory services

Enterprise compliance, internal/external audits, and risk management - methods and techniques for the assessment and management of risk

Risk management and compliance program development leveraging HIPAA, Sarbanes Oxley (SOX), FERPA, PCI DSS, Information Security awareness, policy and standards

Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles