Specialist - IT Governance, Risk and Compliance

Synechron

Overall Responsibilities:

• Support the development, implementation, and maintenance of IT governance frameworks, standards, and control mechanisms
• Conduct IT risk assessments, identify potential threats, and monitor mitigation actions
• Maintain and update the IT risk register and report on risk status to leadership
• Assist with creating, reviewing, and updating policies, procedures, and control frameworks
• Perform periodic compliance evaluations against regulations, standards, and contractual requirements
• Support internal and external audit processes through documentation, evidence collection, and issue tracking
• Conduct control testing, gap analysis, and assessment activities across IT functions
• Monitor adherence to standards such as ISO 27001, NIST, COBIT, and relevant regulatory requirements
• Prepare reports and dashboards on compliance, risks, and audit findings for management review
• Promote awareness and understanding of governance and compliance practices within IT teams

Technical Skills (By Category):

Programming Languages:

• Not mandatory, but familiarity with scripting languages such as PowerShell, Python, or Bash for automation and reporting is a plus

Databases/Data Management:

• Basic understanding of data management principles, data privacy, and security controls in databases (e.g., SQL, NoSQL) is advantageous

Cloud Technologies:

• Not required; however, knowledge of cloud security and controls aligning with governance standards (e.g., ISO 27017, NIST cloud security) is beneficial

Frameworks and Libraries:

• Familiarity with standards such as ISO 27001, NIST CSF, COBIT, and ITIL for governance and risk management

Development Tools and Methodologies:

• Experience with project management and workflow tools (Jira, ServiceNow, MS Project)
• Knowledge of Agile, Waterfall, or hybrid project approaches as they relate to compliance and governance initiatives

Security Protocols:

• Understanding of security controls, data privacy regulations (GDPR, CCPA), and internal policies for IT security and audit readiness

Day-to-Day Activities:

• Support ongoing development and maintenance of IT policies, standards, and control frameworks
• Assist in conducting risk assessments, tracking mitigation, and updating risk registers
• Support internal and external audits by preparing documentation and evidence
• Perform control testing, gap analysis, and compliance checks across different IT units
• Monitor adherence to governance frameworks and recommend improvements
• Collaborate with cross-functional teams to communicate compliance requirements and promote best practices
• Review and update policies, procedures, and controls in response to regulatory or organizational changes
• Prepare reports, dashboards, and presentations for senior management on risk and compliance status