Sr IT Governance, Risk and Compliance Analyst
Are you a problem solver, explorer, and knowledge seeker – always asking, “What if?”
If so, you may be the new team member we’re looking for. Because at SAS, your curiosity matters – whether you’re developing algorithms, creating customer experiences, or answering critical questions. Curiosity is our code, and the opportunities here are endless.
What we do
We’re the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence. Our curiosity fuels innovation, pushing boundaries, challenging the status quo and changing the way we live.
What you’ll do
We’re looking for an IT Governance, Risk and Compliance (GRC) Analyst to join our Global IT Service Delivery and Support Division. You will lead efforts to design, implement, and manage IT GRC program requirements within the GRC platform. You’ll also perform risk assessments, gap analysis and overall security controls guidance around security standards such as ISO 27001, National Institute of Standards and Technology (NIST 800-53), IRS 1075 and other security frameworks. The IT GRC Analyst will also perform Plan of Action and Milestone (POAM) activities to track remediation efforts, complete security risk tracking and reporting, and Information Technology audit preparation and response.
- Serve as subject matter expert on utilizing the GRC platform to facilitate Policy, Compliance and Risk Management.
- Perform as a lead to design, implement and manage use of the GRC platform in support of the IT GRC Program.
- Contribute to the implementation and continuous improvement of IT GRC Program standards and processes.
- Work proactively with the IT GRC Team to implement and manage regulatory and compliance program requirements in the GRC platform.
- Track POAM and risk remediation activities and provide relevant metrics to communicate status and awareness.
- Participate in information security risk assessments and gap analysis.
- Assist with analysis, documentation and training of remediation actions in response to audit findings.
- Assess and advise on the impact of IT GRC process design options and efficiencies.
- Contribute to the strategy and execution of the overall IT GRC Program.
- Cultivate relationships with Information Security, R&D, Legal, Audit and Compliance, and business stakeholders to strengthen security governance and risk management.
- Socialize and manage the awareness and adoption of IT GRC processes.
- Must have the ability to work with little supervision, escalating issues as appropriate.
- Create and help administer security training programs and practices.
- Perform other duties as assigned.
What we’re looking for
- Experience using and/or implementing a GRC platform (e.g., ServiceNow, Archer).
- Strong understanding of IT Governance activities which support the organization’s policies, standards, and procedures.
- Highly motivated individual with excellent organizational skills, detail oriented, with the ability to stay on top of a variety of commitments and deadlines; must be able to work independently and as a team to maintain workload and report on problems or progress in a timely manner.
- Strong time management skills (schedules, timelines, and task prioritization) and ability to work with minimal supervision or guidance.
- The ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity.
- Knowledge of regulatory standards and security frameworks: PCI, FISMA, NIST 800-53, HIPAA, ISO 27001/27002.
- Knowledge of risk assessment methodologies and practices.
- Understanding of IT Security controls and best practice.
- Experience with the ServiceNow issue management ticketing system.
- A self-starter who has an inquisitive, analytical mind that constantly looks for solutions to difficult problems. This person must have the ability to convey technology and security concepts to management and ideally has technical knowledge and/or experience in security with a proficiency in a risk management framework with the ability to assess administrative and technical controls.
The nice to haves
- Bachelor’s degree in a related field, preferably Computer Science, Information Technology or Cybersecurity.
- Ten years of experience in information security and compliance, IT governance, and securing IT systems.
- Equivalent combination of education, training, and relevant experience may be considered in place of the requirements above.
- CRISC, CGEIT, CRMA, or GRCP certifications preferred.
- We love living the #SASlife and believe that happy, healthy people have a passion for life, and bring that energy to work. No matter what your specialty or where you are in the world, your unique contributions will make a difference.
- Our multi-dimensional culture blends our different backgrounds, experiences, and perspectives. Here, it isn’t about fitting into our culture, it’s about adding to it – and we can’t wait to see what you’ll bring.
- And how about tuition reimbursement; a training budget for you to stay current with technologies; advanced certification options, and an onsite physical and virtual library of 8,000+ books, periodicals, CD audios, DVDs and other materials to further your self-studies.
To apply for this job please visit careers-sas.icims.com.