Sr IT Governance, Risk & Compliance Analyst Job



The IT Governance, Risk and Compliance (GRC) Analyst, Senior is responsible for executing tasks and participating in projects in support of IT’s governance, audit, risk and compliance framework, policies and processes. Under limited direction, audits and assesses risk on the most complex new and existing information systems applications to ensure that appropriate controls exist, that processing is efficient and accurate, and that information systems procedures are in compliance with corporate standards. Understands IT GRC (Governance, Risk and Compliance) concepts, practices, and procedures at the highest levels.


Participates in all aspects of audit activities including risk assessments, planning, testing, control evaluation, documentation, report drafting, issue clearance with technology stakeholders, and follow-up/verification of issue closure. Identifies risks, designs controls and creates testing procedures. Participates in both standalone technology and business integrated audits. Monitors various projects with major application development initiatives, and performs continuous risk assessments of coverage areas. Generates and maintains reporting to accurately reflect the current state of the program to senior management and regulators, while partnering with the Operational Risk Management team to ensure alignment of the NYCB IT risk control and self-assessment with the larger business risk control and self-assessment program and goals. Partners with Audit team members in other business areas to ensure the delivery of a seamless program of control and audit risk coverage. Conducts quality assurance reviews of risk control and self-assessments. Partners with IT teams to identify and correct process control design and execution issues. Facilitates GRC activities as needed with examiners (FDIC). Participates in and facilitates monthly, quarterly and annual review activities. Contributes to the continued development of internal controls awareness within the IT organization. Facilitates IT SOX policies, narratives, and control self-assessment documentation. Creates and maintains IT control documentation. Manages application permission review campaigns. Develops recommendations to improve the IT internal control environment. Facilitates the remediation of IT internal control deficiencies. Participates in risk assessment activities across the IT organization, including 3rd party technical risk assessments. Participates in risk management, compliance, and internal control initiatives as needed. Performs technical research on risk topics.
Keeps current on latest technologies and best practices relative to their area of responsibility. Recognizes and recommends areas needing improvement. Participates in the development of IT strategies in collaboration with IT peers and the executive team. Ensures compliance with corporate and IT policies and procedures. Integrates corporate methodologies and standards, as appropriate. May provide guidance/training to more junior staff. Performs special projects, and additional duties and responsibilities as required. Where applicable and when performing the responsibilities of the job, employees are accountable to maintain Sarbanes-Oxley compliance and adhere to internal control policies and procedures.

For more information visit


Bachelor’s degree in Technology, Accounting, Finance or Business or equivalent relevant work experience. Five (5) to eight (8) years of internal controls, audit, information security, risk management or technology process experience. CISA/CISSP/PMP preferred. Financial services experience preferred. Experience with compliance and/or control frameworks preferred. Experience with Sarbanes-Oxley compliance preferred.


Knowledge of COBIT, COSO, and Sarbanes-Oxley legislation and its impact, and other regulations. Basic understanding of key IT-impacting banking regulations and standards such as GLBA and PCI. Demonstrated ability to apply analytical skills in dealing with issues that are not readily defined or that conflict with available information. Strong verbal and written communication skills. Solid understanding of industry standard IT general controls. Demonstrated facilitation and project management skills. Willingness to learn. Understanding of business process controls preferred. Computer literate with proficiency in Windows 7, Microsoft Office and Microsoft Project. Excellent planning, time management, and follow-through skills. Independent/self-starter. Excellent problem-solving skills. Ability to adapt to changing requirements. Ability to document processes, roles, key decisions, and other work session outputs. Attention to detail and ability to implement. Ability to influence others preferred. Ability to maintain organizational relationships with both business and IS. Ability to maintain organizational respect and trust. Ability to handle multiple tasks concurrently. Ability to rely on experience and judgment to plan and accomplish initiatives. Ability to serve as a resource to others in the resolution of complex problems. Ability to delegate and review the work of employees. Ability to maintain a professional composure with clients in difficult situations. Ability to maintain confidentiality with regard to customer information and employee records.
