Senior GRC Analyst

Clayco
Overland, MO, United States
Full-time

About Us

Clayco is a full-service, turnkey real estate development, master planning, architecture, engineering, and construction firm that safely delivers clients across North America the highest quality solutions on time, on budget, and above and beyond expectations.

With $5.8 billion in revenue for 2023, Clayco specializes in the "art and science of building," providing fast track, efficient solutions for industrial, commercial, institutional, and residential related building projects.

The Role We Want You For

Under the direction of and in collaboration with the GRC Manager, the Sr. GRC Analyst is a Risk-focused, highly analytical role that ensures all material Risk to Clayco Information Assets is identified, quantified, documented, and treated to an acceptable level across the Clayco organization.

This role will involve rigorous discovery and research to determine the full context and scope of exposure to Risk associated with potential for compromise due to a Control gap or exploitable misconfiguration as well as non-compliance with legal and regulatory requirements.

This role will execute and improve current processes for objectively evaluating identified risks, control gaps, and non-compliance with regulations, policies, and standards.

This role will ensure the appropriate capture, analysis, recommended treatment, assignment, and tracking of identified issues.

This role will also own and maintain the Enterprise Risk Register as a point of documentation, Risk rating, tracking, and reporting to ensure that ALL Risk is well understood, quantified, prioritized, and communicated for timely treatment relative to severity.

This role will also assume ownership of the Third-Party Risk Management (TPRM) process to gather details on the security practices and compliance levels for each third-party being considered or contracted for a product or services.

Additional contribution will be expected for internal assessments and 3rd Party audits to gather and submit discovery and transactional responses and artifacts.

Additional responsibilities will be assigned as deemed necessary. Any travel is usually planned, but issues may arise which warrant immediate travel to one or more satellite locations.

The Specifics of the Role

  • Assumes operational ownership of the Vendor Risk Questionnaire and its assignment to new and existing Vendors, coordinating the collection of Vendor responses, collaborating on the assessment of potential Risk based on Vendor responses, and collaborating on documentation and communication of relevant findings and recommendations to stakeholders.
  • Administers the Risk Register to document, quantify, and rate Risk with analysis tools, develop treatment recommendations in collaboration with InfoSec team, assign Remediation Tasks to appropriate group / individual, track progress of remediation completion, and apply Risk analysis tools to ensure Residual Risk is at an acceptable level.
  • Interfaces with assessment and analysis tools to identify potential Risk areas and facilitate a timely and appropriate response, including recommending compensating control(s), process / procedure modifications, awareness training content modification, policy revisions, etc.
  • Understands asset criticality as a primary component to the Risk calculation for identified system software, their versions, and any misconfiguration.
  • Tracks, monitors, and reports on execution of remediation action plans and escalates inadequate responses or progress.
  • Conducts risk assessments of IT Systems & Applications to identify gaps in Clayco’s security posture.
  • Collaborates cross-functionally with other Information Technology teams and Business Stakeholders across the Organization.
  • Provides leadership with comprehensive reports of Risk-focused activities and outcomes, as requested.

Requirements

  • 5-7+ years’ experience in Risk & Compliance Assessment, Audit & Reporting, or similar functions, preferably within the Information Security or Technology fields
  • 3-4+ years working specifically in Information Security roles involving Risk Analysis, Information System Security Assessment, Compliance Audit with Regulations, Frameworks, & Standards
  • Bachelor's degree in Information Technology or related field, or equivalent experience
  • Required Certifications: Certified in Risk & Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), or Certified Information Systems Security Professional (CISSP) (current status, or obtained within 9 months of assuming role)
  • Strong experience leveraging auditing principles and methods to evaluate policies, processes, systems, and vendors to identify business risks and control gaps
  • Experience in administering Risk management programs for technology and information security
  • Strong, technical knowledge of modern Systems, Services, Cloud Applications / Platforms, Identity Services, and Data Storage / Handling and their areas of Risk and Threat exposure
  • Experience with administering, maintaining, and leveraging a Risk Register to track and communicate identified Risk and its required remediation
  • Knowledge of statistics, reporting and analytical tools to analyze and solve complex problems
  • Proficiency in necessary productivity tools (e.g., Microsoft Excel, PowerPoint, Word) for analytics and presentations
  • Operate with strong integrity with ability to handle projects of a sensitive & confidential nature
  • Excellent written and verbal communication skills with a proven ability to translate technical or abstract concepts into a narrative that is easily understood by clients.

Some Things You Should Know

  • No other builder can offer the collaborative design-build approach that Clayco does.
  • We work on creative, complex, award-winning, high-profile jobs.
  • The pace is fast!
  • This position is classified as a safety-sensitive role in accordance with applicable state and federal laws. Candidates selected for this position will be subject to a comprehensive background check, which includes mandatory drug testing.

Why Clayco?

  • Best Places to Work St. Louis Business Journal, Los Angeles Business Journal, Phoenix Business Journal.
  • ENR Top Midwest Contractors (#1), Top Design Build Contractors (#4), Top 400 Contractors (#23), ENR Top Green Builders (#5).

Compensation and Benefits

  • Competitive Annual Salary: Based on qualifications, skills, training, experience, and location.
  • Discretionary Annual Bonus: Subject to company performance and individual contribution.
  • Comprehensive Benefits Package Including: Medical, dental and vision plans, 401k, generous PTO and paid company holidays, employee assistance program, flexible spending accounts, life insurance, disability coverage, learning & development programs and more!