IT Analyst - Governance, Risk and Compliance (GRC)

Year    Gurgaon, Haryana, India

Job Description



Job Summary

The IT analyst - Governance, Risk and Compliance (GRC) reviews information security requirements in association with client questionnaires and RFPs/RFQs. Additionally, this position supports document requests related to IT audits, compliance and risk management, and supports the Information Security awareness training program as related to tracking compliance and managing consequences for non-compliance.

The IT analyst will be responsible for managing and monitoring incoming work for the GRC team via email in a follow-the-sun support model, providing support to the US team by documenting incoming requests and responding to inquiries. The IT analyst will provide back-up support for updating weekly Excel charts and graphs used for status reporting. Due to the global nature of the business, the IT analyst will be required to flex their work hours to accommodate various time zones, especially in the beginning when training with the US team.

The IT analyst functions as a member of the Governance, Risk & Compliance (GRC) team, and reports to the GRC Team Lead. The GRC Program resides under the Chief Information Security Officer (CISO), who oversees the Global Corporate Services (GCS) Information Security Team.

Primary Duties & Responsibilities

  • Manage, monitor, and respond to emails in the team’s mailbox.
  • Document/log incoming requests on the Excel Document Review Tracker.
  • File/organize emails in the appropriate client folder.
  • Redirect requestors to appropriate internal resources as needed.
  • Provide Excel support on updating weekly/monthly charts included in the team’s weekly status report to the CISO.
  • Facilitate updates to Enterprise Legal Management system (ELM) - IS Questionnaire status, closing out old requests or following up on action items.
  • Respond to IS questionnaires, RFPs/RFQs in collaboration with GRC team and appropriate internal resources.
  • Provide support for documentation requests related to IT audits: gather artifacts from appropriate internal resources and track progress to ensure timely delivery of all documents to external auditors.
  • Provide support to track Milliman’s global offices’ (aka practices) Business Continuity Plans (BCP), Disaster Recovery Plans (DRP) and annual testing documentation of their BCP/DRP.
  • Provide support for the annual Acceptable Use Agreement compliance program and monthly Security Awareness Training, including tracking employee and contractor compliance with these programs through reporting. Communicate warnings of consequences for non-compliance, supporting network/email disablement and re-enablement as part of the consequence process.
  • Provide support to track internal risk assessment conducted by the practices.
  • Provide functional and administrative support to the GRC/OneTrust system including implementing configurations, customization, automation, upgrades and support.
  • Support the automation efforts (including building dashboards) in IT GRC processes.
  • Perform other GRC team duties as assigned or requested.
Qualifications
  • 3+ years of experience in risk management and/or information security with ISO 27001/2 and other compliance frameworks such as NIST, SOC, HIPAA, etc.
  • Strong understanding of fundamental information security concepts and technology.
  • Experience with IT GRC/OneTrust platform is a plus.
  • Strong work ethic with attention to detail.
  • Ability to interpret information security data and processes to identify potential compliance issues.
  • Excellent verbal and written communication skills including the ability to prepare documentation, reports, and build consensus across a broad group.
  • Ability to clearly and effectively communicate information security matters to executives, auditors, and end-users.
  • Excellent project management skills including the ability to prepare, prioritize and complete work plans independently.
  • Decision-making and problem-solving skills including the ability to clearly define and resolve issues or make recommendations.
  • Appropriate education such as a bachelor’s degree in Computer Science, or a minimum of 3+ years of experience in information systems security or a related field.
  • Strong experience with Microsoft O365 suite of applications.



Job Detail

  • Job Id
    JD2893834
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Gurgaon, Haryana, India
  • Education
    Not mentioned
  • Experience
    Year