Job Details

Want to join Intellectfaces


IT Governance, Risk Management and Compliance Analyst


Location: Hampton, VA


Job Summary:
The Hampton Roads Transit (HRT) IT Governance Risk Compliance Analyst functions to guide maintenance and ensure compliance of IT policies, procedures, governance structure, and regulatory requirements. As a subject matter expert for guiding the development of IT risk management, governance, and compliance programs, the GRC analyst functions to develop and aid adoption and enforcement of IT processes and procedures across the agency.
Essential Job Functions and Responsibilities:
Day to Day Operations:
• Continuous monitoring of IT General Controls.
• Continuously improve the security framework, methodology, standards, and system of internal controls.
• Govern and report on findings, track the status and ensure corrective actions are complete and sustainable.
• Create and maintain Documentation for Technical processes and compliance procedures.
• Support development, implementation, and maintenance of strong security risk & compliance processes for new and existing deployments.
• Support risk identification & assessment, response & mitigation, control monitoring, and reporting.
• Create and maintain incident response, business continuity, and disaster recovery plans for cross-functional teams and deployed or developing systems.
• Obtain and review evidence ensuring incident response audit conclusions are well-documented.
• Track and provide guidance on lessons learned and institutional risk mitigations from the incident response.
• Develop narratives and required documentation for IT controls, acquisitions, and processor system changes.
Structured Functions:
• Provide supply chain management guidance for procurement risk.
• Provide cross-discipline consulting and management support for IT Security controls development and testing guidance.
• Assist in the completion of complex IT audits and special projects for IT areas including:
o General IT Controls (systems development, change management, computer operations, application controls)
o Data and Database Management
o Network Security
o Cloud Environment and Solution as a Service Security
o Industrial Control and Operational Technology Security
o Emerging technologies
o Risk management, project management, governance, and compliance
• Perform Risk and Controls Analysis of agency IT systems and functions.
• Develop and implement IT audit programs and testing procedures and processes relevant to risk/compliance and test objectives across Agency Departments and IT functional groups.
• Develop, plan, and perform internal audits of IT processes and information systems from a functional and technical perspective.
• Provide quantitative and qualitative risk assessment and audit walkthroughs.
• Assist in development, review, and improvement of IT policies and procedures.
• Assist in the development and completion of IT security risk assessments.
• Develop risk and audit processes and programs in collaboration with agency risk management, and audit personnel.

Incident Response:
• Complete or participate in operational, compliance, and IT Security investigations.
• Assist as assistant incident coordinator, as needed, across investigative teams and management.
• Ensure incident recap and lessons-learned knowledge is socialized and disseminated to stakeholders.
• Ensure quantitative analysis of impact is assessed during incident response.
• Ensure lessons-learned and institutional knowledge are factored into future management and strategic planning.


Functional Abilities Knowledge and Skills:
• Be a champion for security culture and excellence, exercise risk-based judgement and prioritize remediation work.
• Knowledge of IT control concepts such as zones of trust, zero trust, and privileged access management.
• Ability to self-manage with limited oversight.
• Excellent written and oral communication skills.
• Excellent interpersonal skills
• Excellent judgment and problem-solving skills
• Must have experience working with security and governance frameworks (i.e. COBIT, NIST, FAIR).
• SME level knowledge of regulatory bodies and compliance regulations of IT
Technical Abilities, Knowledge, and Skills:
• Proficiency with GRC systems
• Proficiency with Microsoft Project, Microsoft Office products
Training and/or Education:
• Bachelor’s degree in Computer Science, Cybersecurity, Information Assurance, Risk Management, or related field.
• One (1) to two (2) years working in an IT operational capacity.
• Minimum of one (1) to three (3) years in IT Audit, Risk Management, and Governance required.
Preferred Experience:
• Three (3) to five (5) years working in an IT Operational Capacity.
• Cross-domain IT experience.
• CISA, and other IT Audit and Risk Management certifications preferred.

General Preferences:
Experience in Transit and Operational Technologies a plus.

Special Requirements:
• This position requires scheduled Rotating Incident Response.
• This position is classified as essential personnel.

Job Features:
• Job Category: IT Governance, Risk Management and Compliance Analyst
• Duration: 12+ Months
• Job Location: Hampton, VA
