Job Overview:

The GRC Analyst II is responsible for working across the organization with all levels of individuals as well as with external auditors to implement and execute on a comprehensive Security Governance and Compliance program. This role is responsible for coordinating and reporting on IT portions of internal and external audits, review findings and work with the impacted areas to develop, track, and complete remediation plans.

The GRC analyst will work with the GRC leaders to execute and maintain a robust IT compliance program that proactively manages audits and assessments and risks to the enterprise. These roles will also contribute to the Identity and Access Governance program, security policy and standard development, and cyber security awareness program.

Job Responsibilities: 

Core Responsibilities

• Conducts regular access reviews on critical systems to ensure access is appropriate.
• Ensures overall compliance with regulatory requirements, including but not limited to PCI, SOX, HIPAA, etc.
• Conducts assessments to identify gaps and make sound recommendations for improvement. Identify acceptable levels of residual risk, and assist with action plans, policy, and procedural changes for risk mitigation.
• Conduct and monitor the enterprise security awareness program; ensure compliance across the organization.
• Determine threats, identify risks and vulnerabilities to the organization, maintains and updates control framework.
• Maintains the GRC team’s security awareness program to help create security awareness trainings, and track results through metrics.
• Assists with the build out of an enterprise GRC technology platform, development, and documentation of application functionality.
• Assist with the development of the Identity and Access Governance function and drive the execution and implementation of the program.
• Prepares documentation and reports requiring minimal revision by management.
• Meets with various management groups to facilitate efficient and effective compliance projects and services.
• With minimal supervision, holds discussions with management regarding control weaknesses and prepare reports to management communicating results including recommendations to improve technology and business practices.
• Identifies opportunities and provides solutions for improvement, such as automation, to compliance processes.
• Monitors progress and status of multiple concurrent assigned compliance projects to ensure completion within budgeted timeframes, reporting any timing issues to management in a timely manner.
• Collaborates with internal and external auditors.

Job Requirements:

Education/ Certifications:

• Bachelor’s degree in computer information systems, Information Technology, Accounting, and Finance or related field is preferred.

Experience:

• 3-5 years of experience in security governance, risk, and compliance, or related field preferred.

Knowledge/Skills/ Abilities

• Must possess a strong working knowledge in the following areas: operating systems, applications, operations (batch processing, monitoring) networking and telecommunications, databases, and logical security.
• In-Depth knowledge of internal control concepts, principles, risk analysis, Sarbanes-Oxley Compliance, PCI Compliance, HIPAA, Privacy, process improvement and techniques, including COSO and COBIT frameworks
• Requires excellent analytical and communications skills to learn customer business objectives, evaluate risks and plan, supervise and control compliance and other activities.
• Proficient in MS Office tools (Excel, Word, etc.)
• Must have excellent verbal, written and presentation skills, a high degree of personal integrity and ability to work under limited supervision. Supervisory skills, ability to work well with others in a team environment and ability to produce results through others is required.
• Must be capable of working under minimum supervision, planning, and conducting compliance assignments and directing the activities of staff as required.

• Good judgment is required for this position as there may be times when direct supervision may not be immediately available.

Work Environment:

Remote Role:

• This position is classified as remote where the associate will perform remote work from their primary residence. Remote associates are welcome to work from the office but are not required to do so. While remote associates are not required to work from an office on a regular basis, they may be required to come to the office or other UNFI locations for necessary business reasons or if directed to do so by their manager.

Travel (minor):

This position may require the associate to travel to company offices, distribution centers, or other locations for specific meetings or other business reasons.

The above statements are intended to describe the general nature of the work performed by the employees assigned to this job. All employees must comply with Company policy and applicable laws. The responsibilities, duties and skills required of personnel so classified may vary within each department and/or location.

All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, or protected veteran status. UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. - M/F/Veteran/Disability. VEVRAA Federal Contractor.