As a Senior GRC Analyst reporting to the Manager or Sr. Manager, IT Risk and Compliance, your role will involve supporting day-to-day IT compliance, data governance, and IT risk management functions. Your primary responsibilities will include defining, creating, and managing IT policies and standards to ensure legal and regulatory compliance and uphold general IT and organizational information security practices.

**Principal Responsibilities:**

- Audit and assess the firm-wide plan for IT Risk and Compliance policies and rules, such as log-in and passwords.
- Participate in process and control documentation related to controls implementation.
- Develop and implement operational and enterprise governance frameworks.
- Perform business impact analysis and assist with the development of IT/InfoSec risk register.
- Establish a metrics and reporting function to continually report on security, risk, and compliance metrics for operational and executive management.
- Manage the automation of KPIs & KRIs reporting aligned with operational/business risk.
- Support internal and external audit processes for compliance concerns and risk management, including PCI, SOX, ISO, NIST, Issuers, etc.
- Assist in vendor due diligence process and define third-party risk management efforts.
- Conduct periodic gap assessments to validate compliance across product lines and drive remediation activities for various information systems and processes.
- Collaborate with GPS counterparts for compliance reporting and enhance the risk & compliance framework.

**Required Skillset:**

- Certification in Cobit, MOR, and ITIL V3 Expert or ITIL Managing Professional preferred.
- Bachelor's degree in Computer Science, Information Systems, Information Technology, Software Engineering, or Information Security.
- Minimum of 5 years of business experience with strong basic execution capabilities.
- Working knowledge of regulatory environment encompassing SOX, PCI, GLBA, ISO.
- Ability to follow guidelines, identify and resolve problems.
- Proficiency in English.

**Preferred Skillset:**

- Master's or Advanced degree in Computer Science, Information Systems, Information Technology, Software Engineering, or Information Security.
- Experience working for a publicly traded company in a similar role or with a reputable auditing/consulting firm.

Encore Capital Group is a publicly traded international specialty finance company that operates in various countries worldwide. Through businesses like Midland Credit Management and Cabot Credit Management, we assist consumers in restoring their financial health. Our 'Employee-First Approach' ensures a supportive work environment with career development opportunities, comprehensive compensation and benefits programs, wellness initiatives, and promotion opportunities from within. If you are passionate about innovation, inclusion, and excellence, Encore Capital Group welcomes you to join our team.