IT GRC Analyst

ePlus inc.
Herndon, VA Full Time
POSTED ON 6/21/2022 CLOSED ON 10/28/2022

What are the responsibilities and job description for the IT GRC Analyst position at ePlus inc.?

Job Description:

As a GRC (Governance/Risk/Compliance) Analyst, you will support the ongoing management of the ITS GRC program, including but not limited to IT Service Management, IT Risk Assessment/Management, Data Privacy, Business Continuity (BC), Disaster Recovery (DR), and IT General Controls (ITGC) and Audit. You will support the company’s compliance and risk posture as it relates to overall company assets. You will implement demonstrated best practices from a GRC perspective, continually identify points of risk and vulnerability within the organization, perform periodic testing to ensure program effectiveness, and coordinate subsequent remediation. You will provide company-wide direction, project management and documentation for all aspects of the ePlus IT GRC framework.

Job Responsibilities

BC/DR Program Management – Lead the ongoing development and management of business continuity and disaster recovery programs, including deliverables such as Business Impact Analysis, BC/DR Plans, Table Top Exercises, Emergency Contacts List and other BC/DR-related documentation in company repositories. Implement best practices based on frameworks such as DRI International (DII) and Business Continuity Institute (BCI), as well as other industry trends. Plan and coordinate employee training on crisis management and operations restoration to ensure successful execution during business interruption.
Risk – Support the ongoing development and management of the company’s IT Risk assessment program.
Policy / Compliance – Support development and implementation of GRC-related policies and procedures; ensure company-wide adoption and compliance with relevant legislation.
Audit – Work with Internal and External Audit in the coordination and execution of quarterly ITGC/SOX404-related audits, as well as other special “audit projects”.
Incident Response – Play a critical role in responding to business interruption and coordinating recovery efforts.
Vendor Management – Manage vendors providing critical business services.
General IT Controls: assist in coordinating, testing, improving and filing results including but not limited to:
User Access Reviews (UAR);
ITGC documentation and operating procedures
SOX 404 Reviews and Testing
SSAE 18 SOC Internal and External Reviews
Compliance certifications – including but not limited to HIPAA/HITRUST, PCI-DSS

Your Corporate Responsibilities:

Internal Control responsibilities vary by role and are subject to change. Please discuss your individual internal control responsibilities with your immediate supervisor on a regular basis.

Handle confidential matters and information professionally.
Conduct business in a professional, competent and ethical manner.
Adhere to corporate policies and procedures.

Job Knowledge/Skills:

Strong working knowledge of GRC, IT Service/Risk Management, IT Audit concepts
Ability to work cross-functionally and collaboratively across all business lines
Excellent attention to detail, ability to multi-task and strong follow-up skills
Strong customer-focused and results-oriented attitude
Excellent written and verbal communication skills
Adept in use of Microsoft Office, Internet, and email; MS Project and Visio are a plus
Willingness to travel as needed (10-20% travel per month may be required)
Willingness to perform keyboard intensive work 90% of the time

Education and Experience:

Bachelor’s degree or equivalent experience, MBA is a plus
5-10 years of working knowledge in GRC Analysis, Business Continuity, Disaster Recovery and IT General Controls for a medium to large company including processes and tools. Experience in a publicly-held corporation preferred.
Technical Certifications including ABCP, CBCP, CISA, CISM, CRISC, PMP, COBIT, COSO, ITIL and/or other relevant vendor certifications are a plus
Working knowledge of Incident Management systems and IT Service Management frameworks (Remedy, ServiceNow, etc.) is a plus
Working knowledge of Everbridge and FusionRM software is a plus
Experience with compliance frameworks (PCI-DSS, HIPAA, SOC1/2, etc.) is a plus

Physical Requirements of Position:

Ability of finger dexterity to be used primarily to make small movements such as typing, picking up small objects or pinching fingers together. Movements frequently and regularly required using the wrists, hands, and / or fingers. Speech ability must be at a level where one must convey detailed or important instructions or ideas accurately, loudly or quickly. Hearing ability must be at a level to hear average or normal conversations and receive ordinary information. Visual ability must be average with ordinary visual acuity necessary to prepare or inspect documents or products or operate machinery. Physical strength for sedentary work with sitting most of the time. May have to exert or lift up to 10 – 20 pounds of force occasionally.

ePlus is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ePlus promotes affirmative action for minorities, women, disabled persons, and veterans.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

This job has expired.