IT Governance and Risk SME

7 - 12 years

15 - 19 Lacs

Posted: 2 days ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

  • Lead risk analysis efforts to assess how technical control issues, vulnerabilities, and compliance exceptions contribute to overall enterprise risk posture.
  • Maintain and improve governance and risk methodologies aligned with standards such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, SOX, GDPR, HIPAA, and PCI DSS.
  • Act as a liaison between technical teams and business stakeholders to translate risk-related insights into actionable strategies.
  • Support internal and external audit readiness by coordinating risk assessments, tracking issue remediation, and reporting on compliance gaps.
  • Contribute to GRC tool usage (e.g., ServiceNow GRC, Archer, or MetricStream) for monitoring control health, exceptions, and residual risk.
  • Collaborate with legal, compliance, audit, and IT operations to ensure integrated risk management practices across the enterprise.
  • Aggregate data from multiple risk domains to develop executive-level dashboards, reports, and risk narratives that influence decision-making.
  • Participate in the development and rollout of risk governance models, exception handling processes, and control improvement initiatives.

Roles and Responsibilities

Required Qualifications:

  • 7–12 years of professional experience in IT Risk, Governance, or Cybersecurity GRC functions.
  • Strong working knowledge of risk frameworks such as NIST CSF, ISO 27001, COBIT, SOC 2, SOX, and GDPR.
  • Demonstrated ability to interpret and connect vulnerabilities, policy violations, and exceptions to broader business risks.
  • Experience with risk aggregation, remediation tracking, and reporting for internal/external stakeholders.
  • Skilled in stakeholder engagement across risk, audit, compliance, and technical functions.
  • Familiarity with GRC tools and platforms used to manage controls, exceptions, and assessments.

Preferred Qualifications:

  • Certifications such as CISA, CRISC, CISSP, CGEIT, or equivalent.
  • Experience working in regulated sectors such as finance, healthcare, insurance, or critical infrastructure.
  • Hands-on experience with exception governance processes, risk acceptance workflows, and issue management.
  • Understanding of how to design and implement scalable metrics for KRIs, control effectiveness, and risk trends.

Key Competencies:

  • Strategic thinker with a strong grasp of enterprise risk management principles.
  • Highly analytical with the ability to synthesize complex technical data into actionable business insight.
  • Effective communicator skilled in developing risk reports, briefings, and dashboards for both technical and executive audiences.
  • Strong collaboration and leadership skills within matrixed environments.
  • Proactive, organized, and results-driven with a continuous improvement mind-set.

Visionet Systems

Information Technology and Services

Fort Lauderdale

250+ Employees

24 Jobs

    Key People

  • Ravi D. K. Varanasi

    Chief Executive Officer
  • Srinivas R. Gogu

    Chief Technology Officer
