Job Specifications
Requistion Number: 26210
When you work for AmeriGas, you become a part of something BIG! Founded in 1959, AmeriGas is the nation's premiere propane company, serving over 1.5 million residential, commercial, industrial and motor fuel propane customers. Together, over 6,500 dedicated professionals will deliver over 1 billion gallons of propane from 1,800+ distribution points across the United States.
Job Summary:
The Global GRC Senior Analyst plays a critical role in ensuring that the organization operates within its regulatory, legal, and compliance obligations while managing risk effectively. The Global GRC Senior Analyst will report directly to the Global Information Security GRC Manager. This role involves collaborating with cross-functional teams to design, implement, and maintain governance, risk, and compliance processes. The ideal candidate is detail-oriented, analytical, and experienced in regulatory compliance, risk management frameworks, and governance best practices.
The Global GRC Senior Analyst plays a critical role in ensuring that the organization operates within its regulatory, legal, and compliance obligations while managing risk effectively. The Global GRC Senior Analyst will report directly to the Global Information Security GRC Manager. This role involves collaborating with cross-functional teams to design, implement, and maintain governance, risk, and compliance processes. The ideal candidate is detail-oriented, analytical, and experienced in regulatory compliance, risk management frameworks, and governance best practices and must develop and apply continuous improvement strategies in all aspects of job functions.
Key Responsibilities:
Governance:
Develop and maintain corporate policies, procedures, and frameworks to align with industry best practices (e.g., NIST CSF, SOX, PCI, etc.).
Assist with the development and maintenance of GRC process and procedure documentation.
Ensure IT functions are in compliance with best practices and company policies and standards through assessments (i.e. peer reviews, audits, etc.)
Track key risk indicators and security metrics
Risk Management:
Assist with conducting gap assessments to identify threats, vulnerabilities, and potential impacts on the organization.
Develop and maintain the risk register, ensuring risks are documented, prioritized, and mitigated.
Perform third-party/vendor risk assessments to evaluate potential risks associated with external partnerships and perform on-going monitoring to assess risk of engagement.
Maintain centralize documentation, continuous monitoring for vendors, formal escalation protocols for non-compliance to ensure alignment with enterprise risk tolerance.
Document risk acceptance decisions and compensating controls
Develop and maintain templates for consistent risk documentation
Compliance:
Ensure compliance with regulatory requirements (e.g., GDPR, HIPAA, SOX, PCI-DSS) and industry standards through monitoring and reporting metrics, security exceptions and using other methods to monitor compliance
Drive compliance by maintaining the compliance framework to ensure policies and standards align to regulatory requirements, laws and best practices.
Stakeholder Engagement:
Collaborate with business units to understand critical processes
Educate stakeholders on risk management concepts and frameworks
Partner with technical teams to validate remediation plans
Present risk findings to appropriate governance committees
Coordinate and collaborate with stakeholders to establish and track metrics for governance programs.
Collaborate with stakeholders to monitor regulatory and industry developments to ensure compliance with changes.
Coordinate and collaborate with stakeholders to track outcomes and metrics for all third-party breaches.
Advise stakeholders on compliance requirements and incorporate new metrics into governance life cycle process, including new tools as they are onboarded.
Coordinate the review of Policies and Standards through collaborating with stakeholders.
Collaboration and Reporting:
Partner with IT, Legal, HR, and other departments to ensure alignment on risk and compliance efforts.
Create and deliver regular risk and compliance metrics for senior leadership and boards.
Serve as a subject matter expert (SME) for GRC-related queries and initiatives.
Education and Experience:
Bachelor's degree in Information Security, Business Administration, or related field (required); advanced degree preferred.
4-6 years of experience in GRC, risk management, or compliance roles.
Skills and Competencies:
Strong understanding of GRC tools and platforms (e.g., RSA Archer, ServiceNow GRC, LogicGate).
Familiarity with risk management frameworks (e.g., NIST 800-53, COBIT, FAIR) and compliance standards.
Exceptional analytical, problem-solving, and organizational skills.
Strong written and verbal communication skills, with the ability to interact effectively with stakeholders at all levels.
Certifications suc