Senior IT GRC Analyst

Since 2012, we''ve grown to become one of the leading single-family rental companies and homebuilders in the country, recently recognized as a top employer by Fortune and Great Place To Work®.  At AMH, our goal is to simplify the experience of leasing a home through professional management and maintenance support, so our residents can focus on what really matters to them, wherever they are in life. 

The Senior IT GRC (Governance, Risk, and Compliance) Analyst serves as the subject matter expert in IT risk, privacy, regulatory compliance, ISO 27001 and SOX audit of the company’s GRC program. This role is responsible for implementing, performing, and continuously improving enterprise IT risk, privacy, and AI risk management programs. Partners closely with internal stakeholders (e.g., IT, legal, etc.) to ensure risks are identified, assessed, mitigated, and reported effectively.

Responsibilities:

• Serves as the subject matter expert for the IT risk program providing oversight of the end-to-end risk assessment lifecycle. Reviews, validates, and approves risk identification, analysis, and executes IT risk assessments. Ensures risks are triaged and prioritized based on impact and reported in accordance with enterprise standards.
• Ensures on-going accurate risk detection by applying a higher-level review of risk assessments performed by lower-level analysts for vendors, privacy, AI risks, and regulatory requirements.
• Designs and reviews risk and audit control documentation. Utilizes GRC expertise to mitigate risks and meet compliance requirements around enterprise projects, new products and services, and major technology infrastructure changes.
• Leads projects for GRC initiatives, including change documentation, gates presentation, and coordination of internal stakeholders.
• Advises IT control owners and internal stakeholders on validating risk analyses and control effectiveness for ISO 27001, SOX, company policies, and legal or regulatory requirements. Provides hands on assistance to resolve control gaps, improve maturity, and ensure audit readiness.

Requirements:

• High school diploma or GED required
• Bachelor’s degree in business, information technology, accounting or related field preferred
• Minimum six (6) years of experience in Risk Management, IT Compliance or IT Audit roles
• Certified Information Systems Auditor (CISA) or IT Risk Fundamentals from Information Systems Audit and Control Association (ISACA) or related certification preferred
• Knowledge of ISO 27001, privacy standards, and SOX compliance
• Advanced knowledge and experience with risk management frameworks, ISO 27001, Privacy standards, and SOX compliance
• Must have ability to define problems, collect data, establish facts and draw valid conclusions for recommendation
• Must have a strong working computer knowledge of Microsoft Office applications (Excel required)
• Excellent verbal and written communication, planning, analysis and organizing skills
• Strong troubleshooting and problem-solving skills

Compensation

The anticipated pay range/scale for this position is $91,597.00 to $114,496.00 Annually. Actual starting base pay within this range will depend on factors including geographic location, education, training, skills, and relevant experience.

Additional Compensation

This position is eligible to receive a discretionary annual bonus.

Perks and Benefits

Employees have the opportunity to participate in medical, dental and vision insurance; flexible spending accounts and/or health savings accounts; dependent savings accounts; 401(k) with company matching contributions; employee stock purchase plan; and a tuition reimbursement program. The Company provides 9 paid holidays per year, and, upon hire, new employees will accrue paid time off (PTO) at a rate of 0.0577 hours of PTO per hour worked, up to a maximum of 120 hours per year.

CA Privacy Notice: To learn more about what information we collect when you apply for a job, and how we use that information, please see our CA Job Applicant Privacy Notice found at .

#LI-PH1