Senior GRC Advisor

POSITION SUMMARY

The Senior GRC Advisor will be responsible for conducting risk assessments and consulting with management on risk, control, and compliance matters. The Senior GRC Advisor will assist with investigating and resolving compliance inquiries, incidents, and other matters as needed. Additionally, the Senior GRC Advisor will conduct audit and advisory engagements and collaborate with management to identify appropriate mitigation strategies and corrective actions.

Essential Functions

• Provides support and/ or co-facilitates risk assessments (information technology, strategic, operational, financial, compliance, etc.) throughout the organization.
• Provides recommendation to management for improvement of overall control environment.
• Collaborates with management to strengthen internal controls and/or develop corrective action plans to remediate risks.
• Develop and facilitate workforce education and awareness training programs relevant to CCNC's internal control environment.
• Advise on projects and key initiatives providing risk management expertise to ensure risks are identified, assessed and mitigated to an acceptable level.
• Conduct audit and advisory engagements to evaluate the high risk areas to determine the adequacy of policies, procedures and controls and, where appropriate, compare to industry best practices and control frameworks such as the Committee of the Sponsoring Organizations of the Treadway's Commission (COSO) and Control Objective for Information and related Technology (COBIT) and other relevant authoritative bodies.
• Develops and maintains risk management methodologies, tools, templates, internal websites and internal and/or external reports to ensure the quality and effectiveness of GRC initiatives and deliverables.
• Develop and adhere to GRC standards, policies and procedures designed to strengthen CCNC's internal control environment.
• Perform Privacy responsibilities such as monitoring and responding to potential privacy incidents, educate workforce on HIPAA compliance, and regularly collaborate with Privacy Officers to share best practices.
• Fulfill other GRC responsibilities as directed by management.

Qualifications

• Bachelor's degree in a technology, audit or financial related field
• Minimum 5-years experience in auditing, risk management and/or compliance

Knowledge, Skills, and Abilities

• Effective verbal and written communication
• Excellent presentation skills
• Interpersonal (listening, facilitating, interviewing) skills
• Analytical, project management and consulting skills
• At least 3-years experience leading, planning, conducting and overseeing complex audit and advisory engagements
• Experience conducting risk-based financial, operational and/or technical audits
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Public Accountant (CPA)

Working Conditions

• Routinely there may be some minor physical inconveniences or discomforts in the work setting, including sitting for moderate periods of time
• Must be able to utilize office equipment, computer, keyboard and phone with or without assistive devices
• Repetitive wrist motion and occasional lifting/carrying of up to 25 pounds