The Risk & Compliance Operations Analyst strengthens the Governance, Risk, and Compliance (GRC) program, which sits within the SPE InfoSec department, by supporting and contributing to security risk and compliance initiatives across multiple SPE teams. This role requires proactiveness, sharp analytical skills, deep curiosity, and a forward-looking mindset to improve how information is gathered, validated, tracked, and reported.
Grc Consultant, Risk Compliance, risk, GRC , Risk Assessment, Risk Analytics, Risk Advisory
Key Responsibilities
AuditBoard Risk & Compliance Operations
- Support ongoing initiatives within the AuditBoard platform, including data accuracy, documentation updates, entry of findings, and issue tracking.
- Input risk findings and issues into AuditBoard with precision and consistency.
- Support Statements of Applicability (SOA) efforts, ensuring results are correctly represented in AuditBoard.
- Prepare and display compliance, SOA, risk, issue, and exception reports for leadership, operations (risk and compliance) and audit teams.
Policy Exception Management- Triage and assess Policy Exception Requests by assessing risk of identified vulnerabilities, validating mapped controls, and overall exception quality.
- Identify the correct approvers for each request
- Quality check exception to ensure all required fields support the overall risk of the exception
- Complete request fields with accurate, research-driven details
- Follow each request through final closure
- Ensuring accuracy and completeness of exceptions data.
- Support analysis of the current backlog (40) and ongoing intake (23 per week).
ICA (Information Criticality Assessment) intake Support
- Conduct preparation work for ICA activities, ensuring data and scope details are ready for downstream review by business, IT, and InfoSec reviewers.
- Support ICA continuous improvement opportunities including testing use cases and suggesting better ways to run the ICA program.
- Support re-certification efforts per established ICA procedures
- Manage ICA request processing to ensure SLA compliance.
Information Systems & Vendor Security[ER1]
- Maintain and update the master list of Vendor and Application Assessment statuses, ensuring clarity on progress, issues, and dependencies across the ecosystem.
- Ensure accuracy of assessment data and reporting outputs.
- Contact vendors using standardized communication templates to obtain required security artifacts.
- Conduct risk assessments using SOPs and the UpGuard GenAI assessment process to identify security control gaps and associated risks.
- Review and perform quality checks on risk assessment reports.
- Update external dashboards status changes and ensure alignment with AuditBoard as the system of record.
Innovation, Reporting & Automation
- Support the development of automated reports, dashboards, and displays to replace manual reporting where possible.
- Identify opportunities to streamline repetitive compliance processes and adopt smarter, more efficient methods.
Qualifications & Traits
- Solid understanding of information systems, security control frameworks, and security governance concepts.
- Highly proactiveanticipates needs, surfaces risks early, and drives work forward independently.
- Curious and unafraid to ask questions to reduce ambiguity and uncover root facts.
- Strong sense of urgency, particularly when working with compliance deadlines or audit-driven milestones.
- Appreciates established, time-tested processes but remains open to modernization and continuous improvement.
- Excellent attention to detailaccuracy and completeness are non-negotiable in this role.
- Strong research aptitude; enjoys digging into details, systems, frameworks, and historical records.
- Comfortable coordinating across distributed teams.
- Innovates new ideas, automation, and improved reporting formats.
- Eager to learn and grow in an evolving technology and security landscape.
- Natural curiosity about how systems and processes work, which supports effective analysis and consistent exposure to new concepts.
