IT GRC Analyst

IT, Analyst, Security, Risk Management, Management, Development, CISSP
Full Time

Job Description

Job Description:

We have an exciting opportunity for an IT GRC Analyst to join the Ferguson IT Security team.

The IT GRC Analyst will assist with and participate in the planning, design, implementation, operation, and maintenance of IT Governance, Risk & Compliance (GRC) efforts intended to support Business and IT Risk Management and Assurance goals and objectives. Primary functions include: the collection of appropriate and relevant data for the monitoring and analysis of specific IT control activities, liaising with and providing consultative support to IT control owners and performers, generation of reports for analysis, assessment and presentation to IT and business management, recommendations on and tracking of control remediation, and coordination of efforts with internal and external auditors. This position works directly with IT, HQ, Management, Group staff and Operating Companies, Small Businesses and Subsidiaries, and with external business partners to achieve the necessary business goals.

**This role is approved to site 100% remote. If local to the Newport News, VA area, you will have the option for in-office work, once permitted.**

DUTIES ANDRESPONSIBILITIES: Analyze and recommend operational and business workflow changes to management in order to strengthen the control environment/security posture.
  • Participates in IT GRC team efforts to plan, design, implement and maintain IT Governance, Risk & Compliance initiatives and their supporting elements.
  • Scoping of relevant business entities, systems, & processes
  • Identification of and coordination with Risk & Control Owners on all relevant requirements
  • Consultation and assistance to Risk & Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) as appropriate.
  • Development of appropriate technical job aids and automation (e.g. scripts, queries, dashboards, etc.) in support of control performance, monitoring and assessment.
  • Alignment and coordination with Financial Controls, Internal Audit teams as appropriate
  • Coordination with and support of External Audit partners in the planning, execution of, and reporting on annual external testing of Internal (IT General) Controls over Financial Reporting.
  • Coordination, tracking and reporting of remediation plans and progress for all identified IT Control deficiencies
  • Enables the performance of specific IT control activities in support of business objectives.
  • Collection and distribution of appropriate and relevant data in a timely fashion for the performance of access reviews and other identified control activities
  • Identification and communication of deficiencies and other items of concern to appropriate parties during the performance of control activities for timely correction and/or remediation as needed
  • Maintenance and archiving of all relevant data and supporting documentation as evidence of the performance of control activities
  • Perform duties as requested by Management, in addition to the essential job functions described above.

  • QUALIFICATIONS AND REQUIREMENTS: A minimum of four (4) years' experience in Information Security and/or Technology
  • Bachelor's or Associate Degree in Information Security, Information Technology or Information Technology Management.
  • Prefer candidate with critical technical and leadership-oriented IT security certifications, such as CISSP, CISM, or equivalent.
  • Proven experience in planning, organizing, and developing IT security teams and strategy, whether staff or third parties
  • Substantial exposure to data processing, hardware platforms, enterprise software applications and outsourced systems, with preference in Microsoft Technologies.
  • Expertise in leverage of cloud-based solutions necessary to enable the distributed enterprise.
  • Good understanding of computer systems characteristics, features and integration capabilities
  • Proven leadership ability; ability to instill confidence in the business and demonstrate the business value of IT
  • Exceptional leadership skills with the ability to develop and communicate an enterprise security vision that inspires and motivates staff and aligns to the IT and business strategy
  • Effective influencing and negotiation skills in an environment where resources may not be in direct control of this role
  • Excellent analytical, strategic conceptual thinking, strategic planning and execution skills
  • Strong business acumen, including industry, domain-specific knowledge of the enterprise and its business units
  • Expertise in budget planning and financial management
  • Success in leveraging both traditional best practices, such as IT service management practices based on ITIL, as well as emerging methods like DEV/SEC/OPS that are optimized for agility
  • Demonstrated ability to develop and execute a strategic people plan that ensures that the right people are in the right roles at the right time and that employees are highly engaged and satisfied
  • Strong vendor management and partner relationship skills
  • Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to the security workforce
  • Ability to motivate as a servant leader in a team-oriented, collaborative environment


    The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans and the requirements of 41 CFR 60-741.5(A), which prohibits discrimination against qualified individuals on the basis of disability.
    Dice Id : fergsn
    Position Id : R-67131
    Originally Posted : 3 months ago
    Have a Job? Post it

    Similar Positions

    IT Business Systems Analyst- Enterprise Finance & Planning
    • Ferguson Enterprises
    • Newport News, VA, USA
    GRC Security Assessor
    • Apex Systems
    • Virginia Beach, VA, USA
    IT Bus Syst Analyst Sr Advisor
    • Anthem, Inc
    • Norfolk, VA, USA
    IT Business Analyst Oracle Order Management Configuration
    • Ferguson Enterprises
    • Newport News, VA, USA
    IT Program Manager- Digital eCommerce
    • Ferguson Enterprises
    • Newport News, VA, USA
    IT Specialist
    • Cherokee Federal
    • Hampton, VA, USA
    Senior Business Intelligence Advisor- GRC
    • Federal Reserve Bank
    • Richmond, VA, USA
    Business Information Analyst Sr - Health Economics
    • Anthem, Inc
    • Newport News, VA, USA
    Business Information Analyst Senior
    • Anthem, Inc
    • Newport News, VA, USA