GRC Architect

GRC Architect

Location: Albany, NY- Hybrid

Job Description:

• Day-to-day technical administration of RSA Archer platform.
• Alignment of service offering business needs with platform configurations and capabilities.
• Managing upgrades and patching across RSA Archer environments.
• Working with business units to determine requirements and maintain RSA Archer procedures and documentation.
• Creation and maintenance of RSA Archer dashboards and reports.
• Prototyping workflows in RSA Archer risk management system.
• Evaluation of customer workflows and processes for use with RSA Archer.
• Conducting risk assessments.
• Monitoring compliance programs.

Required Qualifications:

• Familiarity with security and compliance, internal controls, ERM, and audit assessments processes with focus on NIST 800-53, GAO Green Book.
• Extensive experience with RSA Archer GRC processes and configuration, including application design, workflow creation, data mapping, custom fields, reporting, and dashboard development.
• Knowledge of creating and managing data feeds for data import/export from various sources.
• Experience with system integration using APIs, Web Services, scripting, and database management (SQL).
• Experience with assessing and analyzing business requirements, current environment and GRC technology choices to produce technical solutions and/or solution alternatives that meet business needs
• Excellent communication skills to work with stakeholders at all levels, gather requirements, and present technical information clearly.
• Proven track record of delivering RSA Archer projects on time and within GRC standards.
• Experience in configuring the Cross-field functionality to associate the records within the same applications or other applications and questionnaires

Preferred/Desired Qualifications:

• Archer Certified Specialist or Archer Certified Expert certifications are highly desirable.
• Experience with the following applications in RSA Archer: Issues Management, Policy Program, Privacy Program, Bottom-Up Risk Assessment, Top-Down Risk Assessment, Self-Assessment Management, IT Controls Assurance, IT Risk Management, Data Governance, Loss Event Management and Key Indicator Management.