IT Data Governance Analyst
Description:
Pennsylvania Lumbermens Mutual Insurance Company
Position: IT Governance Analyst III
Department: Information Technology
Reports to: SVP, Information Technology
Position Description:
Supports the IT Leadership Team by ensuring that controls are in place to keep the IT systems and operations are compliant with regulations, internal audit, cyber security frameworks, and best practices to support IT and Enterprise Risk Management (ERM). The Analyst maintains IT policies and procedures, controls, and metrics. They conduct IT Vendor Management and support the Data Governance Committee. The Analyst works closely with IT, CISO and all levels of PLM staff, leadership, and internal and external parties.
· Helps administer IT compliance and key controls and standards by maintaining and updating IT Policies and Procedures and tracking status a centralized control library.
· Act as a liaison between the SVP of Information Technology, Cyber Security Team, Third Parties, and company Management to support IT-related due diligence and ongoing controls management for third-party service providers.
· Uses the Governance, Risk, and Compliance system (GRC) to track IT vendor management, vendor agreements, incident management, controls dictionary management, and other features and functions.
· Performs internal and third-party on and offboarding tasks.
· Expands the GRC platform with workflows and other configurations to support efficient workflows and processes in the GRC platform.
· Under direction of the SVP of IT, leads projects to fulfill IT-related internal and external audit requests; maintains the status of the management responses to action items and helps ensure they are closed as committed.
· Facilitates IT Change Control meetings and maintains Change Control history.
· Processes IT invoices using the PLM Accounts Payable system and monitors vendor spend against established agreements.
· Compiles vendor management and other related metrics and various reports for communications with all audiences at PLM.
· Assists the VP of IT with team and committee management including support for team meetings, issue and opportunity tracking and follow-up, and acts as the Secretary for the Data Governance Committee.
· May support IT resource scheduling by working with IT Leadership to minimize resource contention to ensure timely delivery according to established priority.
· Other duties as requested.
Standards of Performance:
% Monthly Report Components Delivered Timely
% IT SLAs Achieved
% IT Tickets Backlogged
# Monthly Control Reviews Conducted
% Audit Findings Mitigated Timely
% Audit Findings Re-opened
% Third Party Offboarded Timely
% Vendor Cyber Reviews Completed Timely
% Personal Cyber Risk Score
Skills:
Knowledge of general IT governance principles, frameworks, best practices (e.g., CoBIT.)
Knowledge of standard IT policies, practices, and key operational controls.
Knowledge of high-level cyber security concepts and controls.
Excellent analytical thinking and problem-solving skills.
Strong time management and group coordination/facilitation.
Goal oriented; can take initiative and drive for results.
Excellent verbal and written communication skills.
Excellent teamwork and communication skills to work across teams.
Project and task management tools using Microsoft Office or other tools.
Bachelor’s degree in IT or related discipline and two years of relevant experience.
Experience with OnSpring Governance, Risk, and Compliance (GRC) platform desired.
Professional certifications such as CRISC, CISA, or other related desired.
Experience as an internal or external auditor is helpful and desired.
Physical Requirements:
Ability to hear.
Ability to speak clearly.
Ability to write.
Ability to walk, stand and sit for extended periods of time.
Dexterity of hands and fingers to operate a keyboard, mouse, and other components.
Occasional evening and weekend work to meet deadlines or address operational issues.
Some travel may be required for project work, team building, and company collaboration.