
IT GRC Analyst 4
NuScale Power · Portland, Oregon Metropolitan Area
- Hybrid
- Full-time
- $119,000 / year
Job highlights
- Support IT governance, risk, and compliance initiatives.
- Identify, assess, and mitigate IT risks.
- Ensure compliance with regulations and standards.
- Collaborate on framework implementation and audits.
- Perform routine audit activities and maintain risk registry.
About the role
IT GRC Analyst
POSITION SUMMARY:
Reporting to the Manager, IT Compliance, this position will be responsible for supporting the organization's governance, risk management, and compliance initiatives. This role involves identifying, assessing, and mitigating risks while ensuring compliance with policies, regulatory requirements, and industry standards. The IT GRC analyst collaborates with internal and external teams to maintain and improve the implementation of industry frameworks and standards, support audits, and develop business processes. This position will assist in the performance of routine audit activities such as quarterly user access reviews, risk registry maintenance, and documentation updates.
Essential Duties And Responsibilities
Governance
- Policy and procedure development for IT General Controls and related functions
- Framework alignment of COSO, NIST, ISO, & ITIL to ITGCs in support of Sarbanes-Oxley (SOX)
- Reporting and communication of ITGC compliance status to management
- Stakeholder coordination during development and updates of IT controls
Risk Management
- Risk assessment support
- Control development, testing, and monitoring
- Issue tracking and remediation
- Risk register maintenance
Compliance
- Regulatory compliance tracking
- Audit support
- Training and awareness
- Compliance testing
Performs other duties as assigned.
CORE COMPETENCIES:
To perform the job successfully, the individual should demonstrate competencies in performing the essential functions of this position by performing satisfactorily in each of these competencies.
- Problem solving: Identifies and resolves problems in a timely manner, gathers and reviews information appropriately. Uses own judgment and acts independently; seeks input from other team members as appropriate for complex or sensitive situations.
- Oral/written communication: Listens carefully and speaks clearly and professionally in all situations. Edits work for accuracy and clarity, is able to create, read and interpret complex written information. Ability to develop strong interpersonal networks within the organization.
- Planning/organizing: Prioritizes and plans work activities, organizes personal and project timelines and deadlines, tracks project timelines and deadlines, and uses time efficiently.
- Adaptability: Adapts to changes in the work environment, manages competing demands and is able to deal with frequent interruptions, changes, delays, or unexpected events.
- Dependability: Consistently on time and at work, responds to management expectations and solicits feedback to improve performance.
- Team Building: Capable of developing strong interpersonal networks and trust within the organization.
- Safety Culture: Adheres to the NuScale Safety culture and is expected to model safe behavior and influence peers to meet high standards.
- Quality Assurance: Demonstrates understanding and implementation of quality assurance regulations, standards and guidelines of 10 CFR 50 Appendix B, 10 CFR 21, and ASME NQA-1.
Skills, Qualifications And Abilities
- Education: A Bachelor’s degree in Computer Science, Business Information Systems, Cybersecurity, or related field is required. Alternatively, 4 additional years (9 years total) of full-time, directly relevant working experience may be considered in lieu of a 4-year degree.
- Experience: A minimum of 5 years of full-time working experience in an IT environment with at least 2 of those years specific to audit, compliance, risk management, or security. Hands-on work with risk assessment, control testing, risk management, and policy development. Knowledge of software used in the performance of GRC activities such as Oracle RMC, Azure identity governance, privileged access management, user access reviews, and model-based system engineering is preferred.
- Industry Requirements: Eligible to work under Department of Energy 10 CFR Part 810.
PHYSICAL DEMANDS:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Ability to understand and communicate clearly using a phone, personal interaction, and computers.
- Ability to learn new job functions and comprehend and understand new concepts quickly and apply them accurately in a rapidly evolving environment.
- The employee is frequently required to sit and stand; walk; bend; use hands to operate office equipment; and reach with hands and arms.
- Ability to travel nationally and internationally using common forms of transportation.
Disclaimer: Employee(s) must perform the essential duties and responsibilities with or without reasonable accommodation efficiently and accurately without causing a significant safety threat to self or others. The above statements are intended to describe the general nature and level of work being performed by employee(s) assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and/or skills required of all employees in this classification.
NuScale Power, LLC is an equal opportunity employer and does not discriminate against otherwise qualified applicants on the basis of race, color, creed, religion, ancestry, age, sex, marital status, national origin, disability or handicap, or veteran status.
Pay And Benefits
The target pay range for this position is $99,175 - $119,694 annually. The full pay range is $88,915 - $139,073 annually.
At NuScale, compensation decisions are determined using factors such as relevant job-related skills, full-time working experience, education and training, and equity within the department.
For information on employee benefits, please visit our Careers Overview page: Employee Benefits | NuScale Power
Key skills/competency
- IT GRC Analyst
- Governance, Risk, and Compliance (GRC)
- IT General Controls (ITGC)
- Sarbanes-Oxley (SOX)
- NIST
- ISO
- ITIL
- Risk Assessment
- Audit Support
- Regulatory Compliance
Skills & topics
- IT GRC Analyst
- GRC
- Governance
- Risk Management
- Compliance
- IT Audit
- SOX
- NIST
- Cybersecurity
- IT Controls
How to get hired
- Tailor your resume: Highlight your experience in IT GRC, audit, risk management, and compliance. Quantify achievements related to policy development and risk mitigation.
- Showcase framework knowledge: Emphasize your familiarity with COSO, NIST, ISO, and ITIL, and their application to ITGCs and SOX compliance.
- Prepare for technical questions: Be ready to discuss your experience with risk assessments, control testing, and GRC software like Oracle RMC or Azure identity governance.
- Demonstrate communication skills: Practice articulating complex GRC concepts clearly, as strong oral and written communication is vital for stakeholder coordination and reporting.
- Research NuScale Power: Understand their mission, safety culture, and the nuclear energy industry to align your application and interview responses.
Frequently asked questions
- What are the key frameworks the IT GRC Analyst at NuScale Power must be familiar with?
- The IT GRC Analyst at NuScale Power needs to be familiar with COSO, NIST, ISO, and ITIL frameworks, particularly in aligning them with IT General Controls (ITGCs) to support Sarbanes-Oxley (SOX) compliance.
- What specific software experience is preferred for the IT GRC Analyst role at NuScale Power?
- Preferred software experience for the IT GRC Analyst at NuScale Power includes GRC tools like Oracle RMC, Azure identity governance, privileged access management, and user access reviews.
- Can I work remotely as an IT GRC Analyst at NuScale Power?
- Yes, this IT GRC Analyst position is available for remote work within the contiguous United States, with preference for the Houston office.
- What is the minimum experience required for the IT GRC Analyst role at NuScale Power?
- A minimum of 5 years of experience in an IT environment is required, with at least 2 of those years specifically in audit, compliance, risk management, or security for the IT GRC Analyst role.
- What educational background is required for the IT GRC Analyst position?
- A Bachelor's degree in Computer Science, Business Information Systems, Cybersecurity, or a related field is required, or an equivalent of 4 additional years of directly relevant work experience in lieu of the degree.
- Does NuScale Power require specific industry knowledge for the IT GRC Analyst?
- Yes, candidates must be eligible to work under Department of Energy 10 CFR Part 810 for the IT GRC Analyst position at NuScale Power.
- What are the primary responsibilities of an IT GRC Analyst at NuScale Power?
- The primary responsibilities include supporting governance, risk management, and compliance initiatives, identifying and mitigating risks, ensuring regulatory compliance, supporting audits, and maintaining risk registers.
- How does NuScale Power handle compensation for the IT GRC Analyst role?
- NuScale Power determines compensation based on relevant job-related skills, experience, education, and training, within the provided pay range of $88,915 - $139,073 annually.