GRC Automation and AI Specialist Senior

Overview

The GRC Automation and AI Specialist Senior leads efforts to automate cybersecurity and GRC processes using AI technologies to improve compliance efficiency and reduce manual workload. The role exercises discretion and independent judgment to evaluate risks, interpret regulatory requirements, and establish automated control procedures. Responsibilities include conducting security assessments, control testing, issues management, and compliance reporting in alignment with the Bank's internal control framework, regulatory requirements, and departmental policies, while collaborating with auditors and safeguarding sensitive information.

• Design and deploy Artificial Intelligence (AI)/Machine Learning (ML) solutions to automate cybersecurity tasks such as continuous monitoring of security controls, automated evidence collection for audits, and real-time compliance dashboards.
• Collaborate with GRC, engineering, Sec Ops, IT operations, and BCP teams to define requirements and ensure scalable, secure, and maintainable AI-driven automation solutions.
• Develop automated compliance reports and risk metrics for executive leadership, applying AI-driven insights to improve decision-making and reduce operational risk.
• Apply knowledge of SOX and control testing to identify, assess, aggregate, report, and mitigate current and emerging risk events across cross‑functional teams.
• Coordinate work assignments with process owners, control owners, external auditors, and consultants, ensuring issues are documented, monitored, and resolved.
• Advise internal stakeholders on internal control design for ongoing risk mitigation of information systems based on regulatory requirements and best practices.
• Communicate security issues and risks effectively to diverse audiences and ensure compliance with applicable controls based on a unified framework.
• Identify and correct process gaps proactively, recommending improvements to advance the Bank’s information security program maturity in alignment with company goals.
• Guide program leaders on risk remediation efforts, ensuring adequacy of response and timeliness based on risk severity.
• Perform major assignments related to GRC program operations, including evaluation of high‑risk processes and applications, strategic planning inputs, and execution of automation initiatives.
• Work independently on complex programs and assignments with diverse teams and perform other duties as assigned.

• 2-4 years of applied work experience in data engineering, analytics or integration, cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management.
• Knowledge of AI concepts (LLMs, prompt design, limitations, hallucinations, etc.).
• Knowledge of AI governance frameworks (e.g., NIST AI RMF, ISO/IEC 42001).
• Knowledge of information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC, and NIST.
• Knowledge of IT systems and processes, network infrastructure, data architecture, and protocols.
• Skill in using AI/ML platforms and automation frameworks, such as Microsoft AI solutions (Power Automate, Copilot Studio) and AI Foundry, for developing agents, workflow automation, and predictive analytics in cybersecurity and GRC environments.
• Skill in applying cyber and cloud security frameworks, architecture, design, operations, controls, and service orchestration.
• Ability to develop and manage use cases, including capturing requirements and creating AI‑driven solutions.
• Proficiency in Microsoft Office products (Word, Excel, PowerPoint).
• Ability to develop and implement enterprise governance, risk, and compliance strategies and solutions.
• Ability to research and locate information related to internal and external organizations using online and other sources.
• Skill in security project management and planning.
• Ability to maintain confidentiality and handle sensitive information appropriately.
• Ability to troubleshoot and operate computers and various software packages.
• Ability to define problems, collect and analyze data, establish facts, and draw valid conclusions.
• Abili…