Overview:
THE ROLE:
The Principal I of Technology Governance Risk and Compliance acts as a technical expert, focusing on providing expertise, guidance, and support on risk management topics. This role supports continuous improvement of governance and risk management methodologies, tools and processes to ensure proactive oversight and management of the Technology risk landscape.
HOW YOU WOULD CONTRIBUTE:
- 8+ years of experience providing technical expertise on IT governance and risk management tools and processes.
- Act as Subject Matter Expert (SME) on IT governance risk management best practices.
- Identify control weaknesses, regulatory compliance issues, and potential areas of risk across all segments of Technology.
- Mentor team members to understand the risk management best practices, policies and procedures.
- Maintain current knowledge of applicable regulations and policies relevant to GDTS.
- Lead the design, development and implementation of new risk management tools, processes and best practices across Tech projects and programs.
- Deliver reliable solutions on time, with minimal supervision.
- Develop a cooperative environment that fosters knowledge sharing and technical growth.
- Provide guidance to technology teams on the full end-to-end implications of decisions in the area of expertise.
- This role must proactively escalate potential risks to leadership and be outspoken in seeking mitigation actions.
- Produce vulnerability reports (app sec, infra, cloud, OT, IoT) from multiple scans.
- Analyze and follow up on vulnerabilities.
- Generate PowerBI reports.
WHAT'S SPECIAL ABOUT THE TEAM:
Tech GRC is a global team collaborating with IT, Cybersecurity, Privacy, Enterprise Risk, and other risk teams in the company to manage technology risks and provide proactive risk solutions. Our vision is to provide risk information to support fact-based decision making, aligned with our enterprise strategy.
SUPERVISORY RESPONSIBILITIES: N/A.
Job Qualifications:
SKILLS AND BACKGROUND REQUIRED TO BE SUCCESSFUL:
- Excellent written and verbal communication skills. Communicates effectively to both technical and executive audiences.
- Strong interpersonal and influencing skills.
- Expert level knowledge in governance and risk management policies, procedures, tools and best practices.
- Expert level understanding of the IT landscape, to be able to identify and articulate gaps from a risk management and service continuity perspective.
- Deep knowledge of governance, risk and compliance requirements for the business.
- Knowledge of industry best practice risk management methodologies, tools, and processes.
- Creative problem solving and innovation.
- Able to work effectively and collaborate with multi-disciplinary teams.
Certificates / Training:
- CRISC
- CISA
- CISSP
- CISRCP
- CC(GRC)P
**Education**:
- Required: Bachelor's in Information Technology or equivalent.
- Preferred: advanced technical degree.