Key Responsibilities:
1. Requirements Gathering & Analysis:
– Collaborate with business stakeholders (Risk, Compliance, Audit, Legal, IT) to gather and document functional and technical requirements for GRC systems.
– Conduct workshops, interviews, and surveys to understand business processes, risk management needs, and compliance objectives.
– Analyse and translate business needs into clear system requirements and user stories.
2. GRC System Configuration & Implementation:
– Work with technical teams to implement and configure GRC systems (e.g., SAP GRC, RSA Archer, MetricStream, or other GRC solutions).
– Ensure that GRC systems are set up to support compliance processes, risk management workflows, and audit management processes.
– Assist with system integrations, ensuring seamless data flow between GRC platforms and other enterprise systems (e.g., ERP, Veeva).
3. Process Improvement & Optimisation:
– Identify opportunities for process improvements in governance, risk, and compliance areas through GRC system enhancements.
– Propose and implement GRC system changes that streamline workflows, improve data integrity, and increase efficiency.
– Monitor system performance and recommend adjustments to improve user experience, reporting, and data analysis.
4. Documentation & Training:
– Prepare detailed documentation, including functional specifications, user guides, and system configurations.
– Conduct user training sessions and create training materials to ensure proper utilisation of GRC systems.
– Support end-users by providing guidance on how to use GRC tools for risk management, compliance tracking, and audit processes.
5. Testing & Quality Assurance:
– Develop and execute test plans for new GRC system features, configurations, and integrations.
– Perform system testing, identify defects, and work with technical teams to resolve issues.
– Ensure that GRC solutions comply with internal controls, external regulations, and security requirements.
6. Reporting & Analytics:
– Design and implement reports and dashboards to provide visibility into governance, risk, and compliance metrics.
– Ensure that GRC systems provide real-time analytics, enabling stakeholders to monitor risks, compliance status, and audit findings.
– Assist in the creation of risk assessments, compliance reports, and other documentation required for executive reporting.
7. Support & Maintenance:
– Provide ongoing support for the GRC systems, troubleshoot issues, and ensure the systems are operating effectively.
– Manage system updates, upgrades, and patches to ensure the GRC tools are up-to-date and in compliance with relevant regulations.
– Serve as a liaison between business users and IT for resolving system issues.
Minimum Requirements:
Experience:
– Bachelor’s degree in Business Administration, Information Systems, Computer Science, or a related field.
– 3+ years of experience as a Business Analyst with a focus on GRC systems (SAP GRC, RSA Archer, MetricStream, etc.).
– Proven experience in requirements gathering, system configuration, and implementation of GRC platforms.
– Strong understanding of Governance, Risk, and Compliance processes and frameworks.
Technical Skills:
– Experience with GRC solutions (e.g., SAP GRC, RSA Archer, MetricStream).
– Strong knowledge of business process modelling, workflows, and documentation.
– Familiarity with data integration, reporting tools (e.g., Power BI, Tableau), and database querying (e.g., SQL).
– Comfortable with system testing, including creating test cases and executing user acceptance testing (UAT).
Communication Skills:
– Strong written and verbal communication skills.
– Ability to translate complex technical concepts into business-friendly language.
– Experience in preparing training materials and delivering training sessions.
Problem-Solving & Analytical Skills:
– Strong analytical and problem-solving abilities.
– Ability to identify system inefficiencies and suggest improvements.
– Attention to detail and ability to analyse data for risk and compliance reporting.
Desirable:
– Certified Business Analysis Professional (CBAP) or Certified Scrum Master (CSM).
– Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA).
Experience with Regulatory Standards:
– Knowledge of SOX (Sarbanes-Oxley), GDPR, ISO 27001, or other relevant regulatory frameworks.
– Familiarity with internal controls and audit methodologies.
Experience in Agile/Scrum Environments:
– Experience working in Agile or Scrum environments for software development and implementation.
Desired Skills:
- GRC Solutions
- Data Integration
- Reporting Tools
- Power BI
- Tableau
- SAP GRC
- RSA Archer
- MetricStream
- GRC Systems