ChicagoRecruiter Since 2001
the smart solution for Chicago jobs

GRC Analyst - 21-06361

Company: Infinity Consulting Solutions
Location: Chicago
Posted on: November 23, 2021

Job Description:

Job Description


A global financial organization is seeking an experienced GRC Analyst to work within the IT organization. The GRC Analyst is responsible to help support the day-to-day assurance operations related to policy compliance, process and organizational policies and security requirements governance, as well as risk management functions. You will assist with the collection of data from multiple systems to allow for proper reporting of the Information Security program effectiveness.

The GRC Analyst will create impact by engaging business personnel to ensure all requisite data and information is complete, accurate, and consistently delivered. You will use your experience and knowledge of security in working with a team to deliver on Governance, Risk and Compliance goals related to developing the complete perspective for operational and management visibility of overall compliance to the Information Security program, policies, and practices.


Coordinate the development of best practice policies and standards based on various governance frameworks

Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.

Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards.

Develop and lead information security awareness and training initiatives, including phishing exercises.

Develop and implement relevant cyber and IT risk metrics and reporting to management and risk committees.

Develop and manage an information security risk register to address risk issues and action plans from all sources, e.g., IT audit, technology risk assessments, vulnerability scans, penetration testing, etc.

Implement GRC software platform for policy administration, compliance and risk management.

Coordinate information security internal audit, external audit, regulatory and SOX reviews to help represent the company from an information security and technology risk perspective.

Coordinate responses to RFI\RFPs and client security related questionnaires.

Establish a compliance management framework to manage all 'third line of defense' reviews and results.

Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance.

Coordinate with legal, compliance functions to ensure proper implementation of data privacy legislation and disclosure

Identify, analyze, respond to and monitor IT risk.

Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.

Manage tracking of identified findings and actions to closure and reporting to leadership.

Develop and maintain a Cyber and IT Control Framework.

Develop a Cyber and IT controls catalog to align with the organization's risk appetite and tolerance levels to support business objectives.

Ensure all controls are assigned control owners to establish accountability.

Design and implement Cyber and IT controls assessment and assurance process to ensure controls function effectively and efficiently.


Bachelor's degree. Master's degree a plus.

4+ years of relevant GRC Analytics experience, preferably in financial services.

Strong background in information technology with a clear understanding of the challenges of information security.

Demonstrated understanding of secure, complex information systems' environment in a global financial service sell side environment.

Relevant experience in the GRC space. Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.

Direct experience with regulatory compliance reviews and examinations.

Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred.

Project and program management skills.

Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.

Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.

Excellent leadership and teamwork skills.

Ability to influence others.

Team player with the ability to work independently.

Resourceful, energetic, self-starter, flexible, goal-oriented

Strong personal integrity

Keywords: Infinity Consulting Solutions, Chicago , GRC Analyst - 21-06361, Professions , Chicago, Illinois

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest Illinois jobs by following @recnetIL on Twitter!

Chicago RSS job feeds