<p>Company Details</p> <p>Company URL: https://www.berkleytechnologyservices.com/</p> <p>Berkley Technology Services (BTS), a member company of W. R. Berkley Corporation, has facilities located in Des Moines, Iowa and Wilmington, Delaware and provides results-driven software applications, system connectivity, and world-class operational support across the enterprise. Offering an entrepreneurial and innovative culture, we enable team members to be on the cutting edge of technology while delivering high quality solutions. Additionally, we provide a competitive compensation and benefits package including a casual dress code and flexible work arrangements. BTS is constantly growing and expanding to meet the changing demands of one of the most successful insurance organizations in the world. Visit us at https://berkley-bts.com to learn more about BTS and the career opportunities we have available!</p> <p>Berkley Technology Services: Right Team, Right Technology, Simple and Secure.</p> <p>Responsibilities</p> <p>Berkley Technology Services (BTS) is hiring an IT GRC Analyst (IAM/DLP) reporting to the Director, IT Regulatory and Compliance and will be located in either Urbandale, IA/Wilmington, DE/ Irving, TX/ Manassas, VA. This is an exciting role for an IT GRC analyst to be part of a global Fortune 400 (W.R. Berkley) Governance Risk and Compliance program's operational activities. This role may be filled at the Sr. Analyst level based on the candidate's ability to be a thought-leader, qualified subject matter expert, and proven ability to help drive the program and requirements. Working in concert with other Compliance, Information Technology, Information Security, and Business Unit functions, the IT GRC Analyst will ensure our overall control environment and corresponding activities/controls are aligned to our policies, standards and/or relevant regulations. This role will focus on projects around identify and access management and data protection processes. On our team, you'll actively engage with technical and compliance/legal teams, business units to perform and advance IT GRC operations. To do this, you'll be hands-on and help drive processes and procedures with other IT GRC professionals dedicated to the mission and vision of Berkley IT GRC operations.</p> <ul> <li>Perform process reviews and control assessments around identify and access management and data protection processes, including Cloud-based platforms/environments </li><li>Provide governance and compliance direction around identify and access management and data protection operations to ensure adequate alignment to internal policies and regulatory requirements. Provide feedback to ensure appropriate scope/coverage of processes. </li><li>Assist with issues management to ensure items are documented and tracked for remediation, with direct involvement by either facilitation of discussions, or by being directly involved in the process. </li><li>Familiarity with regulations such as Sarbanes-Oxley (SOX), NY CCR Part 500 Cyber Security Regulation, General Data Protection Regulation (GDPR), and/or California Consumer Privacy Act (CCPA). </li><li>Evaluate data sources and use cases for consideration in the improvement and expansion of the Insider Threat and Risk Program. </li><li>Perform data analysis to identify patterns and trends, and make recommendations to enhance detective and preventive data protection controls </li><li>Provide insight into the scope and coverage of access reviews to ensure compliance policy and regulatory requirements, or to address risks. </li><li>Review processes around user provisioning and de-provisioning, role-based access control (RBAC), and user profiles; and recommend improvements for efficient access reviews and quality of reviews. </li></ul> <p>Qualifications</p> <ul> <li>Minimum of 5 years of hands-on experience within Governance, Risk, Compliance with an emphasis on control/process/vendor assessments and regulatory compliance. </li><li>College Degree, CS, IT or related technical discipline </li><li>Experience within the Insurance or Financial industries, along with relevant certifications as CISA, are preferred. </li><li>Able to demonstrate experience around identity access reporting and reviews, access related controls (hires/terms/transfers), and revocation business impact analysis </li><li>Experience with entitlement review platforms such as Sailpoint, Stealthbits or Varonis </li><li>Experience with data loss prevention platforms such as Digital Guardian and Purview </li><li>Able to demonstrate experience around data protection controls such as endpoint device protection, data classification and data loss prevention procedures. </li><li>Hands on experience with GRC tools such as Archer, AuditBoard, ProcessUnity, OneTrust and ServiceNow etc.. </li><li>Proven ability to guide or train others control frameworks and/or control assessments processes using COBIT, UCF, NIST, CIS 18 and ISO 27001 </li><li>Extremely detail oriented with excellent organizational and planning skills and equally proficient oral and written communication acumen </li></ul> <p>Behavioral Core Competencies</p> <ul> <li>Excellent written and verbal communication skills </li><li>Ability to work collaboratively with cross-functional teams. </li><li>Detail-oriented with strong analytical and problem-solving skills. </li><li>Leadership and communication skills, with the ability to inspire and influence cross-functional teams and senior stakeholders. </li></ul> <p>The Company is an equal employment opportunity employer.</p> <p>Responsibilities Berkley Technology Services (BTS) is hiring an IT GRC Analyst (IAM/DLP) reporting to the Director, IT Regulatory and Compliance and will be located in either Urbandale, IA/Wilmington, DE/ Irving, TX/ Manassas, VA. This is an exciting role for an IT GRC analyst to be part of a global Fortune 400 (W.R. Berkley) Governance Risk and Compliance program's operational activities. This role may be filled at the Sr. Analyst level based on the candidate's ability to be a thought-leader, qualified subject matter expert, and proven ability to help drive the program and requirements. Working in concert with other Compliance, Information Technology, Information Security, and Business Unit functions, the IT GRC Analyst will ensure our overall control environment and corresponding activities/controls are aligned to our policies, standards and/or relevant regulations. This role will focus on projects around identify and access management and data protection processes. On our team, you'll actively engage with technical and compliance/legal teams, business units to perform and advance IT GRC operations. To do this, you'll be hands-on and help drive processes and procedures with other IT GRC professionals dedicated to the mission and vision of Berkley IT GRC operations. - Perform process reviews and control assessments around identify and access management and data protection processes, including Cloud-based platforms/environments - Provide governance and compliance direction around identify and access management and data protection operations to ensure adequate alignment to internal policies and regulatory requirements. Provide feedback to ensure appropriate scope/coverage of processes. - Assist with issues management to ensure items are documented and tracked for remediation, with direct involvement by either facilitation of discussions, or by being directly involved in the process. - Familiarity with regulations such as Sarbanes-Oxley (SOX), NY CCR Part 500 Cyber Security Regulation, General Data Protection Regulation (GDPR), and/or California Consumer Privacy Act (CCPA). - Evaluate data sources and use cases for consideration in the improvement and expansion of the Insider Threat and Risk Program. - Perform data analysis to identify patterns and trends, and make recommendations to enhance detective and preventive data protection controls - Provide insight into the scope and coverage of access reviews to ensure compliance policy and regulatory requirements, or to address risks. - Review processes around user provisioning and de-provisioning, role-based access control (RBAC), and user profiles; and recommend improvements for efficient access reviews and quality of reviews.</p>