Tech GRC Analyst

Job Description

The Tech Risk Governance Analyst ensures that risk and control activities across Technology are effectively governed, validated, and reported. Operating under the Group Technology Risk Governance Framework, the role consolidates risk and control information from applications, infrastructure, and technology teams, validates the completeness and accuracy of submissions, and prepares reliable governance reporting for leadership, regulators, and auditors.

Responsibilities

Risk and Control Monitoring

• Maintain governance registers covering RCSAs, KRIs, audit findings, risk acceptances, and remediation actions.
• Evaluate submitted evidence and control descriptions to confirm that remediation activities sufficiently mitigate identified risks before closure.
• Verify that control ownership, implementation details, and supporting documentation are complete and consistent across systems.
• Monitor progress of open actions, escalating overdue or at-risk items with sufficient context for leadership decision-making.
• Ensure all monitoring and evaluation activities align with the Group Technology Risk Governance Framework and committee mandates.
  
  

• Consolidate verified data from technology domains to produce accurate summaries for ERMC, TRWG, and other governance forums.
• Translate updates into structured reports that highlight key risk trends, recurring control weaknesses, and emerging issues.
• Collaborate with the Tech Risk Automation & Reporting Analyst to ensure accuracy and consistency across dashboards and leadership reports.
• Support periodic review and update of Technology Governance policies, procedures, and templates to ensure reporting materials remain consistent with approved frameworks and regulatory expectations.
• Maintain a central evidence repository that enables traceability and readiness for audits and regulatory reviews.
• Support governance forums by preparing materials, documenting decisions, and tracking follow-up actions to ensure accountability.
  
  

• Liaise with Internal Audit, Risk, and Compliance to provide validated evidence of control design and operational effectiveness.
• Review audit and regulatory findings to determine whether closure evidence demonstrates effective risk mitigation.
• Coordinate follow-up reviews where additional control assurance or documentation is required.
• Track risk acceptance decisions and ensure approvals, justifications, and residual risks are properly documented.
  
  

• Partner with application, infrastructure, and technology teams to ensure governance evidence aligns with policy requirements.
• Facilitate communication between first, second, and third lines of defense to maintain visibility on remediation and residual risks.
• Recommend process improvements that strengthen governance maturity, enhance data accuracy, and simplify assurance reporting.
• Provide structured updates reflecting the maturity and sustainability of the control environment, not just action closure.
  
  

• 5–7 years of experience in Technology Risk, IT Audit, or Governance within a financial or regulated environment.
• Strong ability to evaluate the adequacy of control design, implementation, and evidence before risk closure.
• Advanced proficiency in Excel, SharePoint, and Power BI for governance reporting and data consolidation.
• Familiarity with Microsoft 365 tools (Forms, Power Automate, Power Apps) to support governance workflows.
• Excellent written, verbal, and presentation skills, with experience preparing leadership decks and audit-ready reports.
• Strong ability to design clear, executive-level visuals in PowerPoint and summarize complex data into concise, actionable updates.
• Working knowledge of governance frameworks such as COBIT, ITIL, ISO 27001, and PCI DSS.
• Proven ability to manage multiple remediation streams and evaluate complex control environments across technology domains.
• Certifications such as CISA, CRISC, CGEIT, or ITIL are advantageous.