GreenSky Administrative Services LLC

  • IT Governance, Risk and Compliance (GRC) Manager

    Job Location(s) US-GA-Atlanta | US-GA-Alpharetta
    Posted Date 3 weeks ago (8/29/2019 2:39 PM)
    Information Technology
  • Overview

    Position: Information Technology - Governance, Risk and Compliance Manager


    The IT Governance, Risk and Compliance (GRC) Manager is responsible for managing and directing the day-to-day activities across the entire scope of GreenSky’s Security Governance, Risk and Compliance programs.


    This is a hands-on management position that encompasses managing staff, leading projects and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The GRC Manager will manage the activities to identify, classify, and document control issues in the GreenSky computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to IT management.


    The position will ensure proper maintenance of the Information Security portion of GreenSky’s Vendor Management program; assist in various key support roles for IT and privacy-related special projects and ongoing compliance as assigned; and serve as the key point of contact for providing assistance to internal auditors in executing audits of GreenSky’s computing environments.


    Location: Atlanta, GA or Alpharetta, GA

    Duties & Responsibilities

    Leads IT control assessments to ensure effective IT controls are in place to meet operational and compliance requirements. Examines and reviews testing results, and designs and prepares reports that ensure results are effectively communicated to IT management for corrective action, where required.

    • Provides GreenSky Vendor Management a completed risk profile for the vendor on-boarding process and conducts annual review of critical vendors.
    • Manages and performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews.
    • Ensures timely and accurate responses to bank partner, merchant and/or vendor questionnaires in support of the sales team and contractual obligations.
    • Ensures proper evidence collection and project management assistance of the annual PCI DSS certification program.
    • Tracks and monitors risk exceptions to ensure control deviations are identified and mitigating controls are in place.
    • Assists with drafting and maintaining IT policies; facilitates annual policy review and approval by the Corporate Security Committee.
    • Contributes to the team knowledge base by participating in appropriate training and providing industry and best practice knowledge. Provides mentoring for staff.
    • Works with the IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in GreenSky’s operations and industry.
    • Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services.
    • Facilitates the performance and testing of annual disaster recovery tests and business continuity plan.

    Required Skills & Qualifications:

    • Bachelor's degree in Information Technology. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree
    • 6 - 8 years of relevant Information Technology (IT) experience, with a minimum of 3 years' experience focusing on IT Risk, Governance and Compliance
    • PCI-DSS audit experience: lead auditor or primary audit respondent, or current/former PCI QSA.
    • SOC 1 Type 2, SOC 2 Type 2 audit experience.
    • Demonstrated knowledge of recognized IT audit-related standards and regulations.
    • Demonstrated knowledge of recognized IT process and quality frameworks such as COBIT
    • Exceptional verbal and written communication skills
    • Experience with high-priority, high-activity and multitasked environments
    • CISA, CISSP, CRISC, CISM or CBCP certification required.
    • Strong project management skills


    Preferred Skills:

    • Experience with security compliance programs, standards and regulations including the ISO 27000 series, HIPAA, NIST SP 800-53, the NIST Cybersecurity Framework, the FFIEC Cybersecurity Assessment Tool, and GLBA
    • CCPA and HITRUST experience is a plus
    • Experience with GRC methodologies, tools and enablers in the financial services sector (e.g. Archer, KeyLight, etc.)



    GreenSky is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.

