Governance Risk Compliance Manager Jobs in Kansas

Job Summary:
Credit Union of America is seeking an IT Security Governance, Risk, & Compliance Analyst to execute and maintain their Information Security GRC program. This role involves monitoring governance controls, supporting regulatory compliance, and managing risk assessment processes to ensure adherence to security policies and standards.
Responsibilities:
• Coordinate, collect, and maintain evidence required for internal audits, external audits, and regulatory examinations (e.g., NCUA, FFIEC, GLBA).
• Support regulatory and audit examinations by preparing documentation, responding to evidence requests, and tracking follow-up items.
• Track audit and examination findings, remediation activities, and management responses to ensure timely and documented closure.
• Perform periodic internal compliance reviews and control testing to validate adherence to approved security policies, standards, and procedures.
• Support the Vendor Risk Management (VRM) program by reviewing third-party security documentation, SOC reports, and due-diligence artifacts in accordance with established risk assessment standards.
• Maintain and update the Information Security Risk Register, ensuring risks are clearly documented, assessed, tracked, and mapped to appropriate mitigation or acceptance decisions.
• Monitor risk remediation timelines and escalate overdue or unresolved items through established governance and reporting channels.
• Assist in the drafting, updating, maintenance, and version control of Information Security policies, standards, and operational procedures.
• Ensure governance documentation remains current, internally consistent, and aligned with regulatory updates, audit outcomes, and business practices.
• Track required policy and procedure reviews and coordinate stakeholder input as directed by the Information Security Officer (ISO).
• Facilitate recurring governance activities including Role-Based Access Control (RBAC) reviews, access attestations, and control validation by coordinating with HR, IT, and business unit leaders.
• Coordinate and track Information Security awareness training and phishing simulation activities, maintaining required evidence and completion metrics.
• Prepare governance materials, dashboards, and summaries for committees (e.g., IT Steering Committee) focused on compliance posture, control coverage, and risk status.
• Support execution of approved Information Security and Insider Threat Program elements by monitoring policy adherence and control effectiveness.
• Maintain key compliance, governance, and risk metrics (KPIs/KRIs) used for management and executive reporting.
• Provide accurate, timely data and documentation to support management review and decision making; interpretive analysis and risk acceptance decisions remain with the ISO and executive leadership.
• Perform other duties as assigned by supervisor. Employees shall be trained annually, demonstrate an understanding of, and follow the requirements of the BSA/AML Compliance Program as it specifically relates to their job.
Qualifications:
Required:
• Three years to five years of similar or related experience.
• A bachelor's degree (e.g., Information Technology, Computer Science, Information Systems), or an equivalent combination of education and demonstrated GRC Analyst experience.
• Ability to read, interpret, and apply regulatory guidance and examination materials (e.g., FFIEC IT Handbook, GLBA, NCUA guidance).
• Working knowledge of information security frameworks and standards (e.g., NIST, CRI, ISO 27001).
• Strong documentation, evidence management, and attention to detail skills suitable for audit and regulatory scrutiny.
• Effective written, verbal, and presentation communication skills, with the ability to translate technical or compliance information into clear, user-friendly formats.
• Strong organizational, prioritization, and time management skills to manage multiple concurrent GRC activities.
• Ability to work independently while collaborating effectively across technical, operational, and business teams.
• Foundational understanding of common IT infrastructure, security concepts, and control environments.
Preferred:
• GRC or audit related certifications (e.g., Security+, CISA, CRISC, or similar) are preferred but not required.
Company:
Credit Union of America is a member-owned financial cooperative providing banking services, savings, loans, other financial services. Founded in 1935, the company is headquartered in Wichita, USA, with a team of 201-500 employees. The company is currently Growth Stage.