The Technology Risk Analyst serves as a Governance, Risk and Compliance subject matter professional responsible for ensuring enterprise adherence to regulatory requirements, internal policies, and compliance program standards. This role provides lead responsibilities over Governance function including Policy Governance, Policy Exception Management, Metrics and Risk Monitoring while partnering with senior stakeholders to assess risk, influence control design, and strengthen the organization’s overall compliance posture. 

• Compliance & Controls Validation 

• Serve as a subject matter expert for SOC, PCI, SOX, NYDFS and other regulatory compliance frameworks, providing strategic guidance to business and technology leadership. 

• Lead compliance risk assessments and influence control design decisions across complex business processes and systems. 

• Partner with senior leadership to align compliance initiatives with organizational risk tolerance and business objectives. 

• Audit Support 

• Act as the primary liaison for external auditors and third-party assessors for assigned audits. 

• Lead audit walkthroughs, represent management positions, and provide risk-based challenge to audit findings when appropriate. 

• Drive enterprise-level remediation efforts, ensuring sustainable corrective actions rather than one-time fixes. 

• Policy & Process 

• Own the lifecycle management of compliance policies, standard, and procedures, including governance approval and enterprise rollout. 

• Own Policy Exception Management process including intake, review, reporting and periodic renewal process 

• Translate regulatory and audit requirements into actionable business and technical controls. 

• Influence governance practices across multiple business organizations to improve compliance maturity. 
• Establish a repeatable Metrics & Monitoring capability to give leadership visibility into technology risk posture, while also formalizing our Policy Exception Management process 
• Reporting 

• Develop executive-level reporting on compliance posture, risk trends, and remediation progress. 

• Present compliance insights and recommendations to senior management and cross-functional leadership. 

• Continuous Improvement 

• Proactively monitor regulatory changes and assess business impact, driving timely program updates. 

• Mentor and provide guidance to junior compliance analysts, reviewing work product for quality and consistency. 

• Own the administration, configuration and optimization of GRC tooling and workflows to support scalable risk, control, and issue management. 

• Champion automation and data-driven approaches to reduce fragmentation of risk and control information and improve operational usability at scale. 

• Identify opportunities to reduce compliance burden while maintaining strong control environments. 

• Bachelor’s degree in Business, Information Systems, or related field. 

• Experience: 4+ years in compliance, internal audit, or risk management roles. 

• Certifications: Preferred CISA, CISM, or equivalent. 

• Strong knowledge of SOX, SOC, PCI, and IT governance frameworks. 

• Excellent analytical, communication, and stakeholder management skills.