IT Governance Analyst

Post Date

Feb 14, 2024

Location

Sacramento,
California

ZIP/Postal Code

95826
US
Jun 14, 2024 Insight Global

Job Type

Contract,Perm Possible

Category

Accounts Payable

Req #

SMF-683013

Pay Rate

$38 - $58 (hourly estimate)

Job Description

Description:
The governance analyst is in charge of ensuring that IT and Security policies, processes, technologies, and assessments are aligned with the governance, risk, and compliance (GRC) framework of the organization.
The analyst verifies compliance and adherence to the organization's IT policies and procedures and participates in activities related to the creation, implementation, compliance, and adherence of these policies and assessment activities. This position will also oversee the reporting, tracking and validation of IT Change Management procedures and Business Continuity and Disaster Recovery (BCDR) testing processes.
Some of the daily tasks:
- Report on IT GRC program and compliance with policies and regulations. Assess IT control environment against frameworks (e.g., NIST, ISO, SOC, COBIT, ITIL, SOX, CCPA/GDPR).
- Advise on GRC aspects of products, practices, and procedures. Coordinate and track IT audits, evidence, and remediation. Ensure IT documentation is updated. Respond to audit findings.
- Manage GRC platform and produce metrics, reports, and dashboards. Implement IT strategy for audits and compliance checks.
- Review system user access and follow up with approvals and submissions.
- Evaluate GRC program strengths and weaknesses in privacy, security, resiliency, and compliance.
- Support third-party risk assessments and remediation. Report and investigate violations of rules and standards.
- Work with auditors to keep audit scope and remediation in line. Maintain good relationships with audit entities.
- Plan and test business continuity/DR
- Develop and deliver GRC training and guidance
- Protect system confidentiality

Required Skills & Experience

5 years in IT governance, compliance or risk
3 years of exposure to cybersecurity frameworks
3 years of experience auditing and governing policies and procedures
Findings management experience
Strong communication skills - meeting with stakeholders
Organizational skills
Capacity to understand legacy and progressive technology and security controls along with respective risk.
Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.

Nice to Have Skills & Experience

Project management background

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.