Kansas City Southern Railway IT Governance, Risk and Compliance (GRC) Analyst in Kansas City, Missouri
IT Governance, Risk and Compliance (GRC) Analyst
The IT Governance, Risk and Compliance (GRC) analyst protects the confidentiality, integrity and availability of Kansas City Southern Railway’s information systems. Serves as an advisor to management and peers in defining, recommending and implementing necessary policies, controls and procedures to cost-effectively assess and manage security-related risk. The IT GRC Analyst manages and coordinates information security risk analyses, the maintenance of compliance records, and reporting mechanisms.
Supports the initiatives of the information security program and coordinates with the various lines of business as needed
Conducts risk assessments that include risk identification, risk quantification, compensating controls identification, risk mitigation opportunity identification and business recommendations.
Conducts and manages security risk assessments of current and prospective information hardware, software or service providers to ensure that adequate controls are in place to protect company interests.
Maintains and monitors key risk and performance indicators.
Develops and maintains reports and dashboards for management reporting.
Assists with the development and implementation of new IT risk initiatives, including policies, processes and awareness programs.
Assists with training and awareness efforts.
Identifies obsolete standards for possible retirement. Manages the policy exception requests process. Provides follow up to ensure review of expiring exception authorizations.
Consults with all company internal personnel to provide guidance and understanding of information security principles, standards and industry best practices.
Works closely with leadership and IT teams to monitor compliance work to accomplish goals and maintain operations.
Serves as the point of contact and liaison for GRC-related issues.
Bachelor's degree from four-year college or university or related experience in information technology
Minimum 3 years of experience with information technology
Or equivalent combination of education and experience
Preferred degree concentration involving critical thinking, including Economics and/or STEM coursework (Science, Technology, Engineering, Mathematics).
Experience in risk quantification.
Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) or related certification.
Knowledge and experience of applicable frameworks and regulatory requirements, e.g., HIPAA (Health Insurance Portability and Accountability Act), ISO 2700x, PCI (Payment Card Industry) DSS (Data Security Standard), NIST (National Institute of Standards and Technology), NIST Cyber Security Framework, ITIL
Experience with GRC tools (e.g., Archer, ServiceNow, MetricStream)
Experience in information security governance, including organizational controls, audits, IT frameworks, IT governance, internal and external audit and compliance functions.
Experience in customer service and relationship building preferred
Demonstrated capability to learn and adapt to new situations and requirements in a dynamic environment.
Excellent verbal, written, and interpersonal communication skills, including ability to communicate effectively and build consensus with teams across organizational lines, including business leaders/managers, administrators and operators.
The duties listed are representative of the job; however, it in no way states or implies that these are the only duties a person may be required to perform. The omission of specific statements of duties does not exclude them from the position if the work is similar, related or is an essential function of the position.
We value a culturally diverse workforce and are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, gender identity, sexual orientation, national origin, disability status, protected veteran status, or any other legally protected basis, in accordance with applicable law.
In 1887, Arthur Stilwell constructed a north-south railroad while others were heading east and west, setting the tone for a century-old legacy of outstanding vision; entrepreneurial spirit; resilience in the face of adversity; and willingness to challenge conventional wisdom. Building on that legacy, our culture is further defined by a new vision for the future and a core set of values - Safety, Customer Focus, Communication, Teamwork, Initiative & Innovation, and Diversity & Civility. We believe that the way we do business is as important as the business we do.
In addition to a culture that allows employees to thrive, we encourage resourcefulness with an award, recognizing employees who see a problem (or opportunity), find a solution, and use whatever authority and resources are available to get a job done well - accomplishing what was previously thought could not be done.
If you want to do work that is creative and strategic, be heard, grow professionally, be valued by your employer, and know that you are making an important contribution to an essential industry, a global supply chain, and the larger economy, Kansas City Southern may be the place for you.
Kansas City, Missouri, United States