Job Description

　　Insight Global has an opening for a Sr. Risk Compliance Analyst to play a key role in developing our clients new IT controls program. The program includes IT General Controls and information protection controls. We are looking for a self-starter with experience designing and implementing new IT control expectations, developing controls documentation (e.g., policies, standards, guidelines, templates), and training control owners on control execution. This individual will also review compliance of new applications against applicable information protection controls. The Senior IT Controls and Risk Analyst will ensure controls are operating effectively after implementation, and remediation plans are developed and tracked to completion.

　　MAJOR RESPONSIBILITIES

　　 Define specific control expectations of technology owners related to information integrity, confidentiality, and availability.

　　 Develop standardized approaches, standards, and templates to support control owners in executing IT controls.

　　 Drive consistency in control execution across the IT organization.

　　 Provide formal and informal coaching and training to control owners on how to best to operate and evidence control execution.

　　 Monitor implementation of control requirements for key applications and develop a program for monitoring adherence to control requirements on a periodic basis.

　　 Define and execute reviews to ensure new applications adhere to the defined control requirements during implementation.

　　 Evaluate potential third parties or solution designs for compliance with expected privacy and security controls; identify risks

　　 Maintain a risk register to manage control non-compliance and remediation efforts.

　　 Centrally maintain documentation related to the IT controls program (e.g., Risk and Controls Matrix, IT process narratives, policies and procedures, evidence of control execution).

　　 Map defined controls set to applicable control frameworks (e.g., NIST CSF, Zero Trust Architecture, etc.) and identify additional controls to fill gaps.

　　 Identify opportunities to leverage controls automation and perform continuous monitoring.

　　 Apply change management methodologies to identify and manage anticipated resistance to change.

　　 Administer and configure tools, as needed, used in the execution of IT controls program activities (e.g., GRC tools, document repositories).

　　 Define and measure success metrics and monitor change progress (i.e. control owner adoption) against established program targets for reporting to leadership.

　　 Build trusted relationships with cross-functional IT and business partners (e.g., Internal Audit, Privacy, Compliance, etc.) to ensure alignment of controls program objectives and priorities across the organization.

　　 Promote a culture in which control owners recognize their responsibilities and the value in executing the expected IT controls.

　　Skills and Requirements

　　At least 4 years of professional experience in IT controls, information technology, risk management, information security, audit, privacy or related field.

　　 Experience specifically includes:

　　 Defining and designing new IT controls expectations

　　 Deploying new control expectations across a large enterprise

　　 Testing the operating effectiveness of IT controls

　　 Identifying IT control gaps, developing remediation plans, and tracking issues to resolution

　　 In-depth understanding of IT General Controls (i.e., Change management, Access, IT Operations) and application information protection controls (i.e., authentication, encryption, vulnerability management)

　　 Familiar with the NIST Cybersecurity framework and other industry control frameworks

　　 Experience creating training content and delivering training (e.g., live, recorded)

　　 Ability to maintain effective stakeholder relationships and promote internal controls and control awareness throughout the corporation

　　 Strong analytical, problem solving, and critical thinking skills, including the ability to anticipate issues and to design appropriate solutions

　　 Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood

　　 Experience configuring GRC tools

　　 Experience with privacy regulations (e.g., HIPAA, CCPA, GDRP) and associated information handling controls CISA, CISSP, CIA, CPA, CRISC, CISM null

　　We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion,sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military oruniformed service member status, or any other status or characteristic protected by applicable laws, regulations, andordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected].