Governance, Risk & Compliance Analyst

Governance, Risk & Compliance Analyst

Under the direction of Business Applications Management, the GRC Specialist will partner across corporate, operations, and technology teams to ensure governance compliance. This includes implementing tools and practices to enhance our processes related to risk management, change management, disaster recovery, business continuity planning, controls assurance, and external auditor engagement. This also includes coordinating and performing security assessment functions, including internal audits, control testing, reporting and other activities in accordance with technology and governance policies and procedures. The GRCS is also responsible for ensuring that policies and procedures are well documented, regularly reviewed, approved, and aligned to business need and value and communicated throughout the organization. The GRCS will apply proven project management skills, communication skills,
technical and problem-solving skills, process management/improvement, and knowledge of best practices.


Strategy & Planning
• Work closely with IT Management to establish repeatable practices and processes to
maintain a balanced security and compliance control framework that meets necessary
governance and contractual requirements.
• Establish standard repeatable practices
• Develop security and risk management strategies to avoid non-compliance.
• Develop and communicate policies, procedures, and plans to executive team, staff,
customers, stakeholders, and vendors.
• Continuously work to improve existing compliance programs and processes.
• Continuously review and modify technology and governance policies and procedures.
• Design and execute audit procedures to assess and measure compliance with company policies and procedures.
• Monitor advancements in corporate policies and procedures to ensure organizational
adaptation and compliance.

Compliance and Audit Assessments
• Work closely with IT Management to develop and coordinate a compliance schedule
tailored to corporate policies and procedures.
• Partner with Technology, Human Resources, Legal, and Finance teams to ensure
appropriate operational, technical, data privacy, and SOD controls are implemented and enforced.
• Conduct and/or manage remediation projects, compliance testing and monitoring of
current and future governance obligations as required.
• Conduct internal security reviews, risk assessments and compliance audits.
• Partner with technology departments to identify risks, test controls and ensure
risk/security finds are reviewed and remediation's are implemented.
• Collect, analyze, and prepare reports required for senior management, auditors, and
other relevant stakeholders to communicate final results of assessments, including
recommendations for business process, information system practices, and control
• Ensure that necessary security due diligence of our vendor portfolio is maintained.
• Coordinates third-party audits.

Operational Management
• Act as the focal point for internal/external auditor activities and assessments and drive accountability and efficiency across all technology departments.
• Develop materials and tools to effectively communicate compliance and corporate
• Develop and maintain policy, plans, and strategy in compliance with corporate
governance regulations, policies, and standards.
• Document, investigate, and report compliance issues and incidents, where necessary.
• Understand, develop, and deliver meaningful reports on the program state and
adherence to frameworks and standards.
• Lead the escalation and resolution of risk and compliance issues with appropriate
• Liaise with relevant parties to commission activities relating to contingency planning,
business continuity management, and IT disaster recovery.
• Other duties as assigned.

• 5+ years of combined experience in information security, GRC, BCP/DR, and risk
management with at least 3 years’ experience developing and implementing security
compliance programs.
• Hands on security controls testing experience for business/web applications and
corporate infrastructure systems
• Strong knowledge of relevant control frameworks, risk management processes,
networking concepts and protocols, and network security methodologies.
• Certified Information Systems Security Professional (CISSP), Certified Information
Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are a plus
• Familiarity working with and/or managing Governance, Risk, and Compliance (GRC)
• Ability to work both independently and collaboratively with peers, across teams, and
with management
• Knowledge of cyber threats and vulnerabilities and specific operational impacts of cyber security lapses.
• Thorough understanding of project management principals and methodologies.

• Results oriented, high energy, and self-motivated.
• Very strong customer service orientation.
• Excellent verbal and written communication skills.
• Strong presentation and interpersonal skills.
• Ability to present complex/technical situations in business-friendly and user-friendly
• Ability to work in a team-oriented, collaborative environment, as well as autonomically.
• Exceptional analytical, conceptual, and problem-solving abilities and keen attention to detail.
• Ability to handle multiple competing priorities and prioritize and execute tasks in a high-pressure environment.
• Ability to meet tight deadlines.

Crown Media is an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, age, pregnancy, national origin, physical or mental disability, genetics, sexual orientation, gender identity, veteran status, or any other legally-protected status. Principals only please

Please use link provided below to apply:

Showing 1 reaction

Please check your e-mail for a link to activate your account.