Governance Specialist is a key team member of DFIN's IT Governance Risk and Compliance (GRC or IT GRC) organization and is responsible for IT Governance and IT Risk activities that both support and provide oversight to IT, Product Engineering, Infrastructure and Security teams as well as DFIN suppliers and customers. This position is responsible for conducting IT Governance Tasks that align and contribute to the overall success of the broader GRC team, which works under the leadership of DFIN’s CISO.

Integral to the role is the ability to manage Governance activities to protect DFIN and our clients’ data. Focus is given to maintaining policy compliance, process and organizational policies, standards documentation, information security governance and risk management functions. Additional focus is applied to implementing and refining policies, standards and procedures that help promote the control framework’s adoption and alignment throughout DFIN. Furthermore, the position plays a key role in continual process improvements and evolution as it relates to IT Security Risk Assessments, Policy Exceptions and the strategic vision of IT Governance

Work is typically performed under minimal to no supervision, with only guidance about overall goals and objectives. Must be able to prioritize work based on evaluation of short term and long-term goals of the department and team. Able to independently evaluate processes, identify areas of improvement, and incorporate into overall work objectives. Duties are defined below:

• Coordinate the development of best practice policies and standards based on various governance frameworks.
• Ensure all IT control are documented and assigned control owners to establish accountability.
• Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
• Assist the IT Governance, Risk & Compliance function in maturing the Information Security and Technology Risk Management methodology through improvements in standardized risk assessments
• Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, ISO, NIST, etc.).
• Monitoring IT controls across the organization.
• Collaborate effectively adapt the process, risk, control framework, map organizational controls and establish the accountability and ownership for IT risk management and control activities.
• Assist in the validation of IT control alignment to various industry standards, framework, and requirements (e.g., COBIT, ISO, NIST, etc).
• Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units.
• Support IT GRC capabilities such as enterprise security risk management compliance
• Policy creation, updates, and overall management and organization of shared documentation on SharePoint
• Control Self Assessments and Control Gap Analysis

• Third party risk management and reporting
• Maintaining a Risk Register
• Documenting and evaluating policy exception requests
• Responsible for developing and deriving KPIs from a controls baseline
• Global analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate
• Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the ITGRC program.
• Remediation and risk mitigation planning, implementation, and oversight.
• Creation, documentation and maintenance of governance processes to oversee ITGRC programs
• GRC policy enforcement across the enterprise.
• Education of Governance principles, polices, and standards enterprise wide.
• Responsible for identifying, analyzing and resolving complex problems. Manage, monitor, and ensure timely updates to planned remediation efforts
• Interact with AppSec team to assist in scheduling and testing of third-party pen tests.
• Client Security Reviews and inquiries

The qualifications below are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• 5+ years of experience in IT Governance or Security Governance working in either a Software Development, FinTech or financial institution.
• Experience working in an IT Governance, Risk and Compliance role
• Working knowledge of: SOC 2, SOX404, ISO 27001, NIST CSF, GDPR, PCI, CCPA, HiTrust,
• Knowledge of applicable US laws and regulations as they relate to Information Security and the effective management of Information Security Risks.
• Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls.
• Experience with SOC 2, SOC 404 audits and/or ISO Certifications
• Proficient Microsoft o365 skills with an emphasis on Word and Excel (e.g., vlookup, Pivots Tables, etc.)
• 2+ years of experience using Service Now
• Very strong communication (verbal and written) skills and the ability to present with clarity
• Able to mentor junior level team members in the use of tools and/or systems in the position.
• Some experience with project management (for example: planning, organizing, and managing resources to bring about the effective completion of specific project goals and objectives) is helpful.

• Bachelor’s degree in discipline related to functional work or role with 5-10 years of relevant GRC work experience
• Industry recognized certifications such as CISSP, CISM, CRISC, CISA, or equivalent