Summary of Responsibilities:

  • The Governance, Risk & Compliance (GRC) Analyst III focuses on facilitating the review, development, implementation, and documentation of IT policies, procedures, processes, programs, and practices to guide SC toward continuous compliance with industry laws, regulations, and frameworks. The incumbent works with the IT GRC team, IT, Compliance and the business to support process documentation and review, education and training for eGRC repository system of record, reporting and analytics, and developing and maintaining in the system of record appropriate records related to policy, procedures, control self-assessments, risk, etc.

Essential Functions:

  • Ensures all IT policy and procedures are documented and updated according to SC regulatory standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository / system of record up-to-date as defined by the IT Governance program
  • Interfaces with internal and external requestors as an escalated point and reviews IT artifacts for completeness and satisfaction for the delivery of quality services regarding important issues / priorities, and deadline-sensitive information
  • Engages with technical process owners to understand technical process steps, identify risk, and drive toward completed documentation that aligns with the IT Governance and Risk Management programs
  • Functions as the eGRC repository system and SharePoint SME and trains/supports clients with repository system usage, including one-on-one training and drafting training guidelines when necessary
  • Provides solutions and coordinates the execution of control mechanism/testing against technical procedures to ensure appropriate execution and that risk is mitigated to an appropriate level
  • Analyzes business problems using software, analytical tools and techniques, business process and technical knowledge, and general common sense to formulate solutions
  • Defines and delivers appropriate IT GRC metrics, analytics, and scorecards
  • Maintains all versions and version control for all IT GRC program documentation and pipeline with a thorough understanding of the processes and communicates the status
  • Coordinates various eGRC repository system improvement projects and activities to enhance the system of record and maintain effective process controls
  • Organizes and leads IT GRC-related meetings and prepares meeting agendas
  • Develops and maintains risk register and designs self-assessments to help identify risks
  • Serves as an escalation point to track and follow-up on risk events

Other Functions:

  • Special projects as requested
  • Performs other duties as assigned


  • Bachelor’s degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred; equivalent combination of education and experience may be substituted in lieu of degree.
  • At least two (2) years of GRC (governance, risk, compliance) experience with methodologies, activities, tools and enablers in a highly regulated industry and five (5) – seven (7) years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience, required.
  • Ability to demonstrate a strong understanding of various compliance and regulatory areas (e.g., SOX, PCI, FFIEC) or the risk register, risk exposure, risk reporting and handling of risk events.
  • Excellent written and verbal communication skills.
  • Strong analytical and problem-solving skills.
  • Ability to work both independently and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment.
  • Ability to multi-task and prioritize tasks.
  • The ability to work well with people from many different disciplines with varying degrees of technical experience.
  • The ability to adapt to a dynamic, rapidly changing business and technical environment.
  • Ability to exercise good professional judgment.
  • Ability to maintain confidentiality.
  • Ability to oversee all aspects of projects and manage projects through the entirety of the life cycle.

Preferences:

  • Previous IT, GRC, financial services, and/or highly regulated industry experience, preferred.

Working Conditions:

  • The working conditions described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
  • Extended working hours may be required as dictated by management and business needs.
  • Travel to multiple facilities may be required.
  • May be required to lift, push, or pull materials weighing up to twenty (20) pounds.
  • May be required to sit and review information on a computer screen for long periods of time.
  • May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard.
  • Corporate / satellite office role.

Employer’s Rights:

  • This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.