Staff Risk And Compliance Analyst

Job Description Summary

Looking to make a global impact and solve problems?

Through relentless innovation and continuous collaboration with our customers, GE Gas Power, part of GE Vernova, is providing more advanced, cleaner, and efficient power that people depend on today and building the energy technologies of the future.

What Impact You’ll Make

As a Staff Risk & Compliance Analyst in the Power IT GRC function, you will support day-to-day IT GRC activities that contribute to the Power segments SOX assurance, assist in advancing the multi-year control rationalization and automation roadmap with clear KPIs/KRIs, and develop your expertise in governance, risk, and compliance.

Job Description

• Support governance framework: Assist in maintaining the IT governance structure using established frameworks; help update documentation, track process adherence, and support standardization efforts under senior guidance.
• SOX Compliance Management: Support the Power DT Sarbanes-Oxley compliance program by coordinating testing activities, managing documentation requirements, and ensuring timely completion of control assessments. Collaborate with process owners to maintain accurate control narratives, risk-control matrices, and test evidence in accordance with SOX requirements. Track testing cycles, identify control gaps or weaknesses, and facilitate managements remediation efforts. Prepare SOX status reports for leadership and external auditors, maintain the SOX controls repository, and stay current on regulatory changes and industry best practices to ensure continuous compliance with financial reporting requirements.
• End-to-End Deficiency Management: Lead comprehensive deficiency identification, tracking, and resolution processes across all GRC domains. Collaborate with control owners and business stakeholders to document findings, assign remediation actions with clear deadlines, and monitor progress through to closure. Maintain deficiency registers, provide regular status reporting to leadership, perform root cause analysis, and ensure timely escalation of overdue or high-risk items. Drive continuous improvement by analyzing deficiency trends and recommending preventive measures to strengthen the organizations control environment.
• Support key control domains: Assist in ERP control areas (Identity and Access Management/Privileged Access, SDLC/DevOps change, and IT operations) by performing routine control testing, maintaining evidence files, and supporting standardization initiatives.
• Support policy development: Assist in drafting and updating IT policies and procedures for security, data management, and access control; help coordinate review processes, track acknowledgments, and maintain policy repositories to support continuous compliance.
• Support risk management: Assist in risk assessment activities by gathering data, documenting findings, and maintaining risk registers; help identify and document risks associated with IT systems, including cybersecurity threats and data breaches, under senior supervision.
• Support compliance audits: Serve as a key support resource for internal and external audits; assist in managing request lists, gathering evidence, organizing documentation, responding to routine inquiries, and tracking remediation progress for identified control deficiencies.
• Monitor regulatory adherence: Help monitor changes in regulations and laws, such as SOX, NIS2, and GDPR; assist in maintaining control and policy mappings and support updates to ensure ongoing compliance.
• Support training and awareness: Assist in developing training materials and coordinating training sessions for employees and stakeholders; help track participation and gather feedback to support understanding of compliance obligations and best practices.
• Support reporting: Assist in building and maintaining reports and dashboards for senior management on IT risk posture, compliance status, and control effectiveness; help gather data, validate information, and prepare routine status updates.