Sr. Analyst: Governance, Risk, & Compliance - Kiewit Technology Group

Date: Jun 27, 2019

Location: Omaha, NE, US

Company: Kiewit

Requisition ID: 80599

Summary

The Senior Governance, Risk and Compliance Analyst will provide technical expertise over the Kiewit Information Technology governance, risk and compliance program.  They will identify and respond to organizational information security risks and/or concerns, develop, implement, and document improvements to correct deficiencies and mitigate risk.  They will also take a senior lead in the development and maintenance of the continuous monitoring/audit program.  

The successful candidate would be responsible for identifying, prioritizing, monitoring and reporting technology risks and controls including performing risk and controls assessments. This position works closely with the operational, technical, and corporate function personnel to foster a technology risk management culture, challenge assumptions and to assist in communicating a holistic risk profile of technology risk to Executive management and various stakeholders. The Senior Governance, Risk & Compliance Analyst assists with oversight of compliance standards and corporate policies. 
This role also interfaces between Legal/Compliance and both internal and external auditors for compliance initiatives, including providing requested audit inputs. The Sr. Analyst will be well versed in a variety of regulations such as DFARS, NERC CIP and NIST CSF. This position will be part of the team responsible for establishing and maintaining an enterprise Information Security Governance, Risk and Compliance vision, strategy and program.
 

Responsibilities
•    Assist with the development of the continuous audit/monitoring program to include designing and analyzing control tests for IT systems and high-risk technical areas
•    Audit systems around NERC CIP and DFARS controls
•    Work individually and on teams to support the completion of specific tasks within time and budget constraints and interface with the customer/client/stakeholder on a day-to-day basis
•    Apply their expertise to the practical issues they identify or those presented by the customer/client/stakeholder
•    Assist the stakeholders to formulate solutions, prepare deliverables, and documentation
•    Develop and maintain quarterly continuous audit/monitoring updates/reporting 
•    Explain complex information to others, including new controls, requirements and evidence material 
•    Provide audit guidance and respond to customer inquiries, as needed 
•    Assist with documenting and reporting actual or potential information security violations 
•    Provide governance and compliance consulting to the business, and recommend steps to mitigate potential exceptions 
•    Solve problems in straightforward situations and within guidelines 
•    Monitor systems for compliance with Information Security Policy and Standards
•    Direct the work of staff and review work, deliverables and reports for accuracy and completeness
•    Monitor internal and external business, regulatory and technology environment to identify new or emerging risks and verify remediation of issues
•    Understand and articulate risks associated with technology processes and IT general controls and identify process and control gaps proactively 
•    Assist in coordinating and/or performing risk assessments and audit processes against a wide variety of security and privacy regulatory and compliance frameworks for several products
•    Liaise across relevant business, technology, and control functions to prioritize risks, challenge technology risk decisions, assumptions and tolerances, and drive appropriate risk response
•    Contribute to the establishment of metrics and tools to assess and report on inherent risks, control strength and residual risk in a consistent and objective manner
•    Assist with the development and validation of remediation plans for technology deficiencies
•    Improve controls for internal systems, policies and processes
•    Monitor compliance initiatives and control effectiveness
•    Collaborate with internal teams and external auditors throughout compliance, audit, and attestation engagements
•    Stay current on security industry trends, relevant compliance requirements, and security best practices by attending conferences, networking with peers, and other educational opportunities
•    Mentor and train less experienced staff

Qualifications 
•    3+ years in IT Risk, Compliance, Business Continuity/Disaster Recovery, or a combination thereof in a closely related field
•    Must have and maintain or be able to obtain within one year of employment at least one of the following certifications: CISSP, CISA, CRISC or equivalent designation.
•    Demonstrate solid knowledge of technology processes, risks and issues including within infrastructure, information security, SDLC and Enterprise Service Management utilizing various IT controls frameworks (i.e. NERC CIP, DFARS, NIST CSF)
•    Capable of identifying, evaluating and mitigating significant risks within an enterprise
•    Strong working experience with Microsoft Office Suite and GRC tools (i.e. RSA Archer)
•    Ability to document and explain findings, risks and vulnerabilities to both business and technical stakeholders
•    Possess strong influencing, negotiating, and relationship-building skills
•    Experience supervising staff
•    Strong oral and written communication skills and the ability to work well with people from many different disciplines with varying degrees of technical experience
•    Possess strong analytical skills and attention to detail
•    Must be able to work independently 
•    Must be proficient in NERC CIP and DFARS regulatory requirements
 

Bonus Points
•    Bachelor’s Degree or higher strongly preferred with experience in IT Audit or Advisory, IT Risk & Compliance, Information Security, Computer Information Systems, or Management Information Systems
•    4+ years' experience auditing information systems desired with emphasis around NERC CIP and DFARS regulations
•    Experience working with RSA Archer GRC platform
•    Experience with Big 4 or within an internal audit department desired

About Kiewit 
As one of North America's largest, most respected construction and engineering organizations, with 2018 revenues of $9 billion, Kiewit exists to make a difference. We improve and connect communities across the United States, Canada, and Mexico through complex projects in transportation, water/wastewater, power, oil, gas and chemical, building, industrial and mining. Our services are as diverse as the skills of our 20,000-strong workforce to whom we provide challenging, honest work in a caring and collaborative culture. A sense of adventure, pride and fulfillment is built into every career at Kiewit.

How We’re Different
•    Consistently ranked within the top five of the “Top 400 Contractors” according to Engineering News-Record 
•    Top-tier health, dental and vision insurance available from Day One of employment
•    401K savings plan that includes company dollar-for-dollar match on contributions up to 6 percent of base pay
•    Our employees are entitled to accrue at least 20 days paid time off each year
•    We spend an average of $8,500 per employee each year on training and career development and reimburse up to $5,250 per year in outside tuition costs

Kiewit is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.


Nearest Major Market: Omaha
Nearest Secondary Market: Council Bluffs

Job Segment: Risk Management, Compliance, Engineer, Consulting, Law, Finance, Legal, Engineering, Technology
