Apply on Employer Site

Athene · 1 day ago

Governance Risk & Compliance Analyst III

West Des Moines, IA

Full-time

Onsite

Mid Level

4+ years exp

Athene is seeking a Governance Risk & Compliance Analyst III to support enterprise technology risk management and IT audit/compliance activities. This role partners closely with IT, Cybersecurity, Internal Audit, and Risk Management to assess risk, strengthen controls, and ensure regulatory and audit readiness in a highly regulated financial services environment.

FinanceFinancial ServicesInsuranceRetirement

Responsibilities

Conduct internal cyber risk assessments to identify risks, control gaps, and improvement opportunities

Manage, track, and report on enterprise technology risks, maintaining an up-to-date risk register

Maintain and enhance IT and cybersecurity controls, policies, and standards aligned to industry frameworks (e.g., NIST) and regulatory requirements (e.g., BMA, NYDFS)

Facilitate ongoing assessments of IT governance and compliance processes

Support cybersecurity metrics, KPIs, and reporting for governance and leadership review

Support the identification, assessment, and ongoing monitoring of risks associated with artificial intelligence (AI) and emerging technology use cases

Partner with technology, legal, compliance, and risk stakeholders to assess AI use cases for governance, control design, and regulatory readiness

Monitor adherence to AI governance standards, policies, and risk management practices, including documentation and control evidence

Support audit and regulatory inquiries related to AI usage, data governance, and technology risk controls

Perform due diligence on key vendors, including assessment of SOC 1 and SOC 2 reports

Monitor third-party risk scores (e.g., BitSight) and coordinate follow-up on relevant findings

Respond to security questionnaires and assessments from business partners, providing clear insight into Athene’s security controls and processes

Partner with Internal Audit and IT teams on technology audits, including scoping, evidence collection, and remediation tracking

Coordinate with external auditors to support SOX IT control testing and request fulfillment

Monitor compliance with key regulatory requirements (e.g., NYDFS) and support readiness for emerging cybersecurity regulations

Track vulnerabilities identified through Athene’s threat and vulnerability management program and support remediation efforts

Coordinate and facilitate cyber incident response exercises, disaster recovery, and tabletop drills

Assist with the security awareness program, including annual training updates and phishing simulations

Develop governance, risk, and compliance (GRC) educational and training materials

Maintain and update Athene’s GRC platform, recommending enhancements as the program evolves

Work closely with technology leadership, cybersecurity teams, and risk management to develop and track remediation action plans

Qualification

IT risk managementIT auditGRC frameworksRegulatory complianceCybersecurity controlsRisk assessmentVendor risk managementSOX complianceServiceNow IRMCommunication skillsTeam collaborationProblem-solving