IT GRC Analyst

Overview:
We are not just offering a job but a meaningful career Come join our passionate team

 

As a Fortune 50 company, we hire the best employees to serve our customers, making us a leader in the insurance and financial services industry. State Farm embraces diversity and inclusion to ensure a workforce that is engaged, builds on the strengths and talents of all associates, and creates a Good Neighbor culture.

 

We offer competitive benefits and pay with the potential for an annual financial award based on both individual and enterprise performance. Our employees have an opportunity to participate in volunteer events within the community and engage in a learning culture. We offer programs to assist with tuition reimbursement, professional designations, employee development, wellness initiatives, and more

 

Visit our Careers page for more information on our , and of joining the State Farm team

Responsibilities:
As an IT GRC Analyst, you will be a member of an Enterprise Technology (ET) Cross Functional Team (CFT) in Risk and Compliance. As part of this team, you will collaborate with assigned ET Product areas to support them in effectively documenting and managing the risks associated with their technology deployments. CFT members are expected to develop T-shaped skills by diving deeply into their primary discipline while also broadly learning the responsibilities of their fellow CFT members. Roles you may be assigned or asked to develop expertise in include:

Business Area Privacy Representative - Engages with ET product teams to provide privacy expertise. This work adheres to direction from the Office of Privacy.

Primary responsibilities include:

• Business Area Privacy Representative

• Establish and increase industry privacy knowledge

• Participate in risk activities, including those facilitated by other Risk Facilitators, to provide privacy input

• Complete privacy risk deliverables

• Consult on Ad Hoc privacy requests

• Compliance related tasks such as tracking completion of privacy training

Risk Facilitator - Engages with ET product teams to lead them through applicable risk management processes. This work adheres to direction from applicable governance areas such as Enterprise Risk Management (ERM), Enterprise Compliance & Ethics (ECE), Enterprise Third Party Risk Management (ETPRM), and Information Security.

Primary responsibilities include:

• Participate in product planning or other similar activities to help identify new and emerging risks

• Facilitate the Information Security and Privacy Review Board (ISPRB) process and Integrated Risk Management (IRM) framework activities as applicable

• Re-evaluate risks with ET Product Teams as material changes occur and ongoing risk management expectations trigger reviews

• Consult with ET Product teams on risk management activities coordinated by other areas (e.g. Business Continuity, Control Testing, and Asset Management)

Vendor Risk Analyst - Engages with ET Product Teams to facilitate vendor risk assessments and provide oversight of vendor risk management and mitigation activities for all vendor engagements. This work adheres to direction from ETPRM and follows the Enterprise Vendor Management Policy (EVMP) Standard Operating Procedures (SOPs).

Primary responsibilities include:

• Collaborate with ET Product Teams to complete Vendor Risk Assessments and related stakeholder reviews using tools such as Aravo

• Reviewing other risk work, such as RARs or risk profiles/assessments, to determine if a Vendor Risk Assessment is aligned

• Completing or contributing to vendor event summaries due to mergers, acquisitions, and potential data breaches as applicable

Qualifications:
Required skills:

• Positive attitude and strong interpersonal skills contributing to a collaborative team environment

• Excellent communication skills including listening, written and oral presentations both in meetings and with larger groups

• Ability to build and maintain strong working relationships with a variety of levels including executive leadership

• Self-Starter with demonstrated accountability, initiative, and ability to manage competing priorities

• Ability to operate in a highly sensitive environment ensuring protection of confidential information

Preferred skills:

• Experience working with one or multiple risk disciplines/processes is a plus (e.g. risk facilitation, information security, vendor, and privacy)

• Demonstrate both technical and business acumen to support quality, risk-informed decisions

• Experience working in an agile environment

• Strong learning agility and desire for continued development in gaining vendor, risk and/or privacy certifications (e.g. CISM, CRISC, CGEIT, CISM, CRVPM, CIPP/US, CIPM, CCEP)

HYBRID: Qualified candidates (in or near hub locations listed below) should plan to spend time working from home and some time working in the office as part of our hybrid work environment.
HUB LOCATIONS: Dunwoody, GA; Richardson, TX; Tempe, AZ; or Bloomington, IL

SPONSORSHIP:  Applicants for this position are required to be eligible to lawfully work in the U.S. immediately; employer will not sponsor applicants for U.S. work authorization (e.g. H-1B visa) for this opportunity.

Competitive Benefits, including:

Health Insurance

401k Plan

Dental/Vision plans

Life Insurance

Paid Time Off

Annual Merit Increases

Tuition Reimbursement

Health Initiatives

For more details visit our page

SFARM

#LI-Remote

---