
Senior Product Manager

UST
United States, California, San Jose
Jan 16, 2026
Role description

The IT Risk & GRC Analyst is responsible for supporting enterprise-wide initiatives that provide reasonable assurance that IT risks are effectively identified, assessed, managed, and reported. This role ensures the execution of Risk and Control Self-Assessments (RCSA), control testing, issue management, and risk reporting in alignment with the organization's governance framework.

The position supports the implementation, administration, and continuous enhancement of ServiceNow IRM and demonstrates a strong understanding of end-to-end Governance, Risk, and Compliance (GRC) frameworks and processes. The role also assists in monitoring compliance with internal policies, regulatory obligations, and industry standards to strengthen the organization's overall control environment.

Key Responsibilities



  • Execute IT Risk and Control Self-Assessments (RCSA) by partnering with control owners to identify, assess, and document key risks, controls, and residual risk ratings.
  • Support ongoing IT risk management activities, including maintaining the IT Risk Register, performing risk assessments across processes, applications, and infrastructure, and monitoring changes in risk exposure.
  • Track, validate, and report on issue remediation arising from RCSA, audits, and risk assessments; collaborate with issue owners to define corrective action plans and ensure timely resolution.
  • Generate and maintain risk reports, dashboards, and metrics for management and governance committees, ensuring data accuracy, integrity, and traceability within the system of record (e.g., ServiceNow IRM).
  • Apply knowledge of GRC and IT control frameworks (NIST CSF, ISO 27001, COBIT, FFIEC CAT, GLBA/NYDFS) to ensure consistency in assessments, control mappings, and reporting.
  • Support internal and external audit activities by providing control documentation, evidence, and status updates.
  • Identify and recommend process and tool enhancements to improve efficiency, automation, and overall GRC program maturity.
  • Collaborate with IT, Security, Data, and Risk teams to strengthen governance and control practices.
  • Support Unified Compliance Framework (UCF) integration within ServiceNow IRM to standardize control mappings, automate evidence collection, and improve compliance reporting.



Required Qualifications



  • Experience in IT Risk Management, IT Controls, IT Audit, or GRC functions within financial services or a technology-driven organization.
  • Hands-on experience with ServiceNow IRM or other GRC platforms, including risk, control, and issue management.
  • Experience executing RCSA, control testing, and issue management processes.
  • Working knowledge of GRC and IT control frameworks, including:


    • NIST Cybersecurity Framework (CSF)
    • ISO 27001
    • COBIT
    • FFIEC CAT
    • GLBA / NYDFS Part 500


  • Proficiency in data analytics and SQL scripting to support risk assessments, control testing, and reporting.
  • Strong understanding of core IT control domains, including:


    • Access management
    • Change and configuration management
    • Asset management
    • Backup and recovery
    • Vulnerability management
    • Network security and operations
    • SDLC and product management
    • Data management and governance



Skills

GRC, SQL, Data analytics, Risk
