Senior, Technology GRC Analyst at Together Credit Union

St. Louis, Missouri, United States -

Full Time

Start Date

Immediate

Expiry Date

11 Sep, 26

Salary

0.0

Posted On

13 Jun, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Risk Assessment, Cybersecurity Risk Management, Control Validation, Regulatory Compliance, Third Party Risk Management, Incident Response, Business Continuity Planning, Disaster Recovery, Audit Coordination, Stakeholder Management, Technical Reporting, Risk Mitigation

Industry

Financial Services

Description

Job Title: Senior, Technology GRC Analyst Reports To: Vice President, Technology Governance, Risk & Compliance People Leader: No FLSA Status: Exempt ** This is a Hybrid/St. Louis position ** Job Summary The Senior Technology GRC Analyst helps the organization understand and manage technology and information security risks before they become larger issues. This role provides independent oversight of technology and cybersecurity risks, evaluates the effectiveness of controls, and helps leaders make informed decisions about risk. The position supports regulatory compliance, organizational preparedness, and the protection of organizational assets by identifying gaps, emerging risks, and opportunities to strengthen the overall control environment. Job Responsibilities The intent of this job description is to provide a representation of the types of duties and level of responsibilities required of this position and is not intended to be an exhaustive list of all responsibilities, duties, and skills. Team members may be directed to perform job-related tasks other than those specifically stated in this description. * Conduct complex risk assessments of existing and proposed technology assets, services, and operations to identify vulnerabilities, threats, control gaps, and emerging risks; provide recommendations to support risk informed decision making * Prepare clear, actionable risk reports and dashboards for leadership, highlighting key findings, trends, and remediation progress * Review, test, and validate the effectiveness of controls against established frameworks, regulatory requirements, and organizational standards; identify control gaps and provide recommendations to strengthen the control environment * Monitor and report compliance with applicable technology, cybersecurity, privacy, and regulatory requirements; identify potential concerns and validate corrective actions implemented to address identified issues * Advise stakeholders on the development and ongoing improvement of security standards and procedures to strengthen the organization's control environment and address emerging risks * Provide independent review and challenge of technology and information security risks, control effectiveness, remediation plans, and risk acceptance decisions; consult with stakeholders on risk mitigation strategies and control considerations * Participate in post incident response and post reviews to assess response effectiveness, identify control or process weaknesses, and provide recommendations to strengthen business continuity and disaster recovery preparedness * Assess technology and information security risks associated with third party relationships and provide recommendations to support vendor risk management activities * Coordinate findings and remediation activities related to internal and external audits, examinations, and assessments; validate corrective actions and identify recurring risk themes or control weaknesses Required Qualifications An equivalent combination of education, training, and experience will be considered. * High school diploma or equivalent * 3+ years of financial industry experience such as Technology, Fraud, Operations, or Risk and Compliance or relevant transferable experience Preferred Qualifications * 5+ years of financial industry experience such as Technology, Fraud, Operations, or Risk and Compliance or relevant transferable experience * Certified in Risk and Information Systems Control (CRISC) Knowledge, Skills, and Abilities (KSAs) A representation of the knowledge, skills, and abilities necessary to perform this job competently. * Skilled in assessing technology and information security risks, identifying control gaps, and evaluating potential business impacts * Skilled in interpreting and applying technology, cybersecurity, privacy, and regulatory requirements within a risk management framework * Skilled in analyzing complex information, identifying trends and root causes, and developing practical risk based recommendations * Skilled in evaluating the design and effectiveness of controls and assessing alignment with organizational standards and industry frameworks * Skilled in communicating complex technical and risk related concepts to diverse audiences through reports, presentations, and stakeholder discussions, utilizing a framework such as NCUA, FFIEC, GLBA, PCI-DSS, etc. * Skilled in building collaborative relationships and providing independent guidance, challenge, and consultation across functions * Ability to exercise sound judgment, prioritize competing risks, and make recommendations in situations involving ambiguity or incomplete information * Ability to coordinate multiple assessments, audits, remediation activities, and stakeholder groups while maintaining attention to detail Work Environment Environmental or atmospheric conditions commonly associated with the performance of this job’s functions. * Flexible remote or hybrid (combination of remote & onsite) work environment; requires regular use of online tools, systems, and collaboration platforms * General office setting when working onsite * Occasional travel to branch locations, vendor sites, or other business-related locations * Attendance at offsite meetings, events, or conferences as needed * This position requires alert monitoring and incident response as needed, including weekends and holidays Physical Abilities The physical demands described below are representative of those that must be met by an employee to successfully perform this job’s essential functions. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. * Ability to work at a computer in a stationary position for up to 8 hours per day * Ability to occasionally carry light materials (e.g., laptop, presentation materials) * Ability to travel for business by car or air and stay in public accommodations as needed Together Credit Union is an Equal Opportunity employer. The Credit Union complies with appropriate federal, state, and local laws and provides equal employment opportunities without regard to race, color, religion, gender, age, sexual orientation, gender identity or expression, national origin, military or veteran status, disability (including pregnancy), genetic information, or any other protected status to all qualified applicants and employees. Together Credit Union is committed to a policy of non-discrimination and dedicated to providing a positive discrimination-free work environment.

Responsibilities

The role provides independent oversight of technology and cybersecurity risks by conducting complex risk assessments and evaluating control effectiveness. It involves monitoring regulatory compliance and advising stakeholders on security standards to protect organizational assets.