GreenSky Administrative Services LLC

  • Senior IT - Governance, Risk and Compliance (GRC) Specialist

    Job Location(s) US-GA-Atlanta | US-GA-Alpharetta
    Posted Date 3 months ago (10/23/2019 1:15 PM)
    Job ID
    # of Openings
    Internal Audit
  • Overview

    Position:  Senior Information Technology - Governance, Risk and Compliance (GRC) Specialist


    The Senior IT Governance, Risk and Compliance (GRC) Specialist is responsible for day to day activities across the entire scope of GreenSky’s Security Governance, Risk and Compliance programs.


    The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in the GreenSky computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to IT management.


    Assists internal and external auditors in executing audits of GreenSky’s computing environments. The Specialist will also maintain the Information Security portion of GreenSky’s Vendor Management program.


    Location:  Atlanta, Georgia or Alpharetta, GA

    Duties & Responsibilities

    • Internal Compliance - Leads IT control assessments to ensure effective IT controls are in place to meet operational and compliance requirements.
    • Vendor Risk Management - Provides GreenSky Vendor Management a completed risk profile for the vendor on-boarding process and conducts annual review of critical vendors.
    • Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews.
    • Respond to bank partner or vendor questionnaires in support of the sales team and contractual obligations.
    • Effectively reports and communicates testing results to IT management for corrective action, where required.
    • Performs evidence collection and project management assistance of the annual PCI DSS certification program.
    • Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place.
    • Assist with drafting and maintaining information IT policies; facilitates annual policy review and approval by Corporate Security Committee.
    • Contributes to the team knowledge base by participating in appropriate training and providing industry and best practice knowledge. Provides mentoring for other team members.
    • Works with the IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in GreenSky’s operations and industry.
    • Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services.
    • Facilitates the performance and testing of annual disaster recovery tests and business continuity plan.

    Required Skills/Qualifications

    • Bachelor's degree in Information Technology. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree
    • 4 - 6 years of relevant Information Technology (IT) experience, with a minimum of 2 years' experience focusing on IT Risk, Governance and Compliance
    • Demonstrated knowledge of recognized IT audit-related standards and regulations.
    • Demonstrated knowledge of recognized IT process and quality frameworks such as COBIT
    • Exceptional verbal and written communication skills
    • Experience with High Priority, High Activity and Multi tasked Environments

    Preferred Skills:

    • PCI-DSS audit experience is a plus. Lead auditor or Primary audit respondent, or current/former PCI QSA.
    • SOC 1, Type 2, SOC 2, Type 2 audit experience is a plus.
    • Experience with Security compliance programs, standards and regulations including NIST 800-53, NIST Cyber Security Framework, GLBA
    • HITRUST experience is a big plus
    • CISA, CISSP, CRISC, CISM or CBCP certification is desired
    • Experience with GRC methodologies, tools and enablers in the financial services sector (e.g. Archer, KeyLight, etc.)
    • Strong project management skills


    GreenSky is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.

