Overview
The Sr. Technology Risk Analyst serves as a Governance, Risk and Compliance subject matter professional responsible for ensuring enterprise adherence to regulatory requirements, internal policies, and compliance program standards. This role provides lead responsibilities over GRC tooling, consolidated Technology Risks, Threats and Controls Library and major compliance frameworks while partnering with senior stakeholders to assess risk, influence control design, and strengthen the organization's overall compliance posture
Responsibilities
- Compliance & Controls Validation
- Serve as a subject matter expert for SOC, PCI, SOX, NYDFS and other regulatory compliance frameworks, providing strategic guidance to business and technology leadership.
- Lead compliance risk assessments and influence control design decisions across complex business processes and systems.
- Partner with senior leadership to align compliance initiatives with organizational risk tolerance and business objectives .
- Maintain and curate a centralized Risks, Threats, and Controls Library to ensure consistency, accuracy, and enterprise reuse of risk and control data across compliance programs.
- Audit Support
- Act as the primary liaison for external auditors and third-party assessors for assigned audits.
- Lead audit walkthroughs, represent management positions, and provide risk-based challenge to audit findings when appropriate .
- Drive enterprise-level remediation efforts, ensuring sustainable corrective actions rather than one-time fixes.
- Policy & Process
- Own the lifecycle management of compliance policies, standard , and procedures, including governance approval and enterprise rollout.
- Translate regulatory and audit requirements into actionable business and technical controls.
- Influence governance practices across multiple business organizations to improve compliance maturity.
- Strengthen the scope, structure, and consistency of the enterprise Risk Register, ensuring risks are clearly articulated, consistently assessed, and traceable to threats, controls, and remediation activities.
- Reporting
- Develop executive-level reporting on compliance posture, risk trends, and remediation progress.
- Present compliance insights and recommendations to senior management and cross-functional leadership.
- Continuous Improvement
- Proactively monitor regulatory changes and assess business impact, driving timely program updates.
- Mentor and provide guidance to junior compliance analysts, reviewing work product for quality and consistency.
- Own the administration, configuration and optimization of GRC tooling and workflows to support scalable risk, control, and issue management.
- Champion automation and data-driven approaches to reduce fragmentation of risk and control information and improve operational usability at scale.
- Identify opportunities to reduce compliance burden while maintaining strong control environments.
Qualifications
- Bachelor's degree in Business , Information Systems, or related field.
- Experience: 6-8 + years in compliance, internal audit, or risk management roles.
- Certifications: Preferred CISA, CI SM , or equivalent.
- Strong knowledge of SOX, SOC, PCI, and IT governance frameworks.
- Excellent analytical, communication, and stakeholder management skills.
Preferred Skills
- Familiarity with ERP systems and risk management tools.
- Familiarity with GRC Platforms ( AuditBoard , HyperProof , etc.)
- Ability to manage multiple projects in a fast-paced environment.
- Strong problem-solving and decision-making capabilities .
- Experience in a top four financial firm a plus.
