The Senior IT Governance, Risk & Compliance (GRC) Analyst is responsible for developing, maintaining, monitoring and enforcing policies and procedures within the IT Risk Management framework in support of Genworth’s strategic, compliance and regulatory requirements.
The Senior IT Risk Analyst will be part of a team of IT risk professionals who work with senior management in all lines of business to govern, manage and coordinate IT risk and compliance.
The main responsibilities include:
IT Risk Management
- Develop, maintain and continuously improve IT Risk Management frameworks, policies, standards and procedures.
- In consultation with compliance and risk leaders, identify, report and analyse laws and regulations that may impact Genworth to ensure all risk and compliance issues are identified and appropriately managed.
- Provide ongoing pragmatic IT risk and compliance advice to technology and business stakeholders.
- Design and review IT controls and monitoring mechanisms to support compliance obligations.
- Manage the internal testing program for IT general controls and cyber security, including Sarbanes-Oxley (SOX) and APRA CPS-234 assurance activities.
- Coordinate and respond to internal and external audits and manage remediation activities.
- Manage the operational risks associated with each IT asset – i.e. data, systems, processes – as well as third-party risks (e.g. suppliers, cloud vendors, etc.).
- Drive the understanding and adoption of the IT Risk Management and Information Asset Ownership frameworks within the business.
- Assist in business continuity and disaster recovery reviews, verification and testing.
- Produce management reporting for various stakeholder audiences.
- Provide leadership for the management of IT Incidents.
- Produce management information, including KPIs and reports.
- Monitor the effectiveness of incident management and make recommendations for improvement.
- Drive, manage and maintain the major incident process and associated procedures.
- Keep abreast of best practices and trends through research and involvement in industry organisations and events.
- Adhere to the compliance obligations relevant to the position; perform duties in an ethical, lawful and safe manner; undertake training as directed by the Compliance Leader; report and escalate compliance concerns, issues and failures; and disclose potential conflicts of interest.
- Maintain key relationships with third parties and ensure commitments and compliance are met, risks are managed and communications are effective.
- Develop and maintain sound knowledge of industry trends, emerging threats, relevant laws and regulations.
Most Frequent Contacts
In addition to others within the department, this role interfaces with other internal functions, including most frequently:
- Enterprise Risk
- Project Management Office
- Sourcing and Facilities
- Internal Audit (GCAS)
- Senior Leaders and Managers
This role also interacts regularly with external stakeholders including:
- Genworth Financial Inc. technology and risk teams
- External Auditors (e.g. KPMG, E&Y)
- Industry Groups
- 4 years' experience working in a similar IT risk role.
- Tertiary level qualifications with relevant professional certifications (e.g. CRISC).
- Broad knowledge of IT risk principles and practices including a sound understanding of the regulatory requirements and standards relevant to the finance sector.
- Excellent communication skills and ability to present ideas clearly and effectively.
- Strong written and oral communication skills.
- Experience engaging with, and influencing, multiple stakeholders including senior leadership.
- Ability to nurture and guide junior resources.
- Ability to drive transformational change.
To apply for this job please visit itjobpro.com.