Southwest Key Programs
Southwest Key Programs (SWK) is one of the largest Latino-led nonprofit organizations in the United States.
As the GRC Analyst, you will manage risks related to Information Technology, Information Security, Privacy, Regulatory Compliance, and Governance. You will be responsible for documenting, maintaining, and reporting on governance, risk, and compliance activities. This role plays a strategic part in overseeing the organization's Third-Party Risk Management (TPRM) program and risk management initiatives. Responsibilities include conducting comprehensive risk assessments, establishing risk frameworks, and ensuring compliance of third-party vendors with security, legal, and regulatory requirements.
Essential Functions:
- Assist the AVP of Information Security in developing and implementing an enterprise-wide governance, risk management, and compliance program.
- Establish policies, procedures, and controls for compliance with legal and regulatory requirements.
- Conduct regular risk assessments to identify vulnerabilities and develop mitigation strategies.
- Collaborate with stakeholders to provide guidance on compliance-related matters.
- Stay updated on relevant laws and communicate changes to the AVP of Information Security.
- Conduct periodic audits and reviews of internal processes.
- Coordinate external audits, ensuring all documentation is available.
- Provide training and education on compliance-related topics.
- Serve as the primary contact for external regulatory agencies.
- Track and report on compliance metrics to senior management.
- Foster a culture of ethics and accountability within the organization.
- Identify new or emerging risks and develop mitigation plans.
- Provide technical leadership and security expertise.
- Demonstrate superior communication skills and the ability to build working relationships.
Qualifications and Requirements:
- Strong leadership skills and understanding of Governance, Risk, and Compliance (GRC) principles.
- Experience in Third-Party Risk Management (TPRM).
- Leadership in conducting risk assessments (IT, operational, cybersecurity).
- Develop and maintain risk dashboards and reporting tools.
- Perform reviews of third-party vendor contracts and compliance documentation.
- Lead the creation of policies for TPRM and enterprise risk management.
- Ensure compliance with industry-specific regulations.
- Regularly evaluate TPRM and overall risk management programs.
- Lead risk awareness and training initiatives.
- Familiarity with privacy regulations and industry-specific regulations.
- Strong analytical and problem-solving skills.
- Proven experience in leading risk management or TPRM programs.
- Experience conducting audits of third-party vendors.
- Project management experience.
- Bachelor’s degree in Information Security, Risk Management, Business Administration, or a related field.
- Professional certifications such as CRISC, CISA, CISSP, CISM are desirable.
Physical Demands:
Must be able to read, write, and communicate effectively. This position requires accessing workstation components and office equipment, responding to emergency situations, and may involve extensive travel. Must be able to lift up to 10 pounds and work in a busy environment with many interruptions.