Position : IT GRC Analyst III
Location : Dallas, Texas
Requisition ID: : 24592
General Purpose:
Play an important role in ensuring DFA’s adherence to technology-related regulatory requirements and industry standards, identifying and managing technology risk within acceptable levels, and maintaining an effective and compliant GRC program. This position requires a strong understanding of IT processes, risk management frameworks, and the ability to develop and implement effective compliance strategies.
Job Duties and Responsibilities:
Governance:
Participate in and contribute to the IT Governance, Risk and Compliance program, ensuring IT controls, policies, processes, and procedures support DFA’s mission, overall enterprise risk strategy, legal and regulatory requirements, and industry standards/best practices
Collaborate with and influence technology and business leaders to develop, strengthen, and maintain an overall IT governance framework. Establish and maintain policies, procedures, and standards for IT governance
Monitor and report on the effectiveness of IT governance processes
Provide primary support for DFA’s GRC software platform
Risk Management:
Assist in conducting risk assessments to evaluate and document potential risks to the organization's IT infrastructure. Work with relevant stakeholders to ensure accountability for implementation of risk mitigation strategies within approved timelines
Monitor and report on key risk indicators and emerging threats
Compliance:
Ensure IT policies and procedures align with relevant regulatory requirements and industry standards
Stay current on changes in regulations and standards affecting IT, and update policies accordingly
Conduct regular compliance audits and assessments
Policy Development:
Work with cross-functional teams to develop and update IT policies and procedures
Communicate policies to relevant stakeholders and ensure adherence
Training and Awareness:
Develop and deliver training programs on IT governance, risk management, and compliance
Promote awareness of IT compliance requirements throughout the organization
Reporting:
Prepare and present clear and concise reports to management on IT governance, risk, and compliance activities
Communicate key risk findings and compliance status to stakeholders
Travel:
5%-15% (1-3 times per year)
Minimum Requirements:
Education and Experience
Bachelor’s degree in computer science, information security, or other related field (work experience may be substituted for the required education on a year for year basis)
At least 4 years of relevant work experience in a position focused on technology risk management, information security, and/or technical audit or compliance roles
Significant experience in developing and assessing technical and process-based controls and in managing risk
Current CRISC, CISA, CISM or CGEIT certification (or other equivalent IT industry certification) is preferred
Knowledge, Skills, and Abilities
Strong knowledge of IT and security control frameworks (e.g., COBIT, ITIL, NIST Cybersecurity Framework, ISO 27001, PCI DSS), common security and privacy law and regulation, and their application in a large enterprise environment
Familiarity with Governance Risk Compliance (GRC) tools and automation of risk evaluation and reporting
Excellent verbal and written communication skills with the ability to articulate technical, procedural and policy information across various organizational levels
Able to conduct assessments/investigations and work with organization management to integrate controls into the scope of existing business practices
Analytical mindset with the ability to assess and mitigate complex IT risks
Attention to detail and accuracy
Problem-solving and critical-thinking skills
Project management and organizational skills
Able to work independently and collaboratively in a team
An Equal Opportunity Employer