Sr Governance, Risk & Compliance; GRC Analyst

Purpose

Athene is seeking a Sr. Governance, Risk & Compliance (GRC) Analyst to help strengthen and evolve enterprise technology risk management, cybersecurity governance, and regulatory compliance across the organization. This role partners closely with Cybersecurity, Technology, Internal Audit, and Enterprise Risk teams to assess emerging risks, influence control strategy, and enhance regulatory readiness within a highly regulated financial services environment.

• Conduct technology and cybersecurity risk assessments to identify risks, control gaps, and opportunities for program enhancement.
• Manage and maintain the enterprise technology risk register, including risk tracking, reporting, and remediation oversight.
• Partner with technology and cybersecurity teams to strengthen controls, policies, standards, and governance processes aligned to industry frameworks (e.g., NIST) and regulatory requirements (e.g., BMA, NYDFS, SOX).
• Evaluate IT governance and compliance processes to support ongoing program maturity and operational effectiveness.
• Develop and enhance cybersecurity metrics, KPIs, and executive reporting to support governance and risk‑informed decision making.
• Provide risk advisory support to technology and business stakeholders on governance, control, and compliance considerations.

• Help shape Athene’s governance approach for AI and emerging technologies by partnering across technology, legal, compliance, and risk functions.
• Assess AI and emerging technology use cases for risk, control effectiveness, regulatory alignment, and operational readiness.
• Contribute to the development and operationalization of AI governance standards, controls, and risk management practices.
• Monitor adherence to AI governance requirements, including documentation, control evidence, and risk management procedures.
• Support internal and external audit inquiries related to AI usage, data governance, and technology risk oversight.

• Perform technology and cybersecurity due diligence assessments for key vendors and third parties, including review of SOC1 and SOC2 reports.
• Monitor third‑party risk ratings and coordinate remediation or follow‑up activities related to identified concerns.
• Partner with business and technology teams to evaluate vendor risk exposure and strengthen third‑party governance practices.
• Respond to client, partner, and vendor security assessments and questionnaires, clearly communicating Athene’s security controls and governance practices.

• Serve as a key liaison for technology risk, audit, and regulatory activities, helping streamline evidence collection, remediation tracking, and control maturity efforts.
• Partner with Internal Audit, External Audit, and Technology teams to support technology audits and SOXIT control testing.
• Track and manage remediation activities related to audit findings, risk assessments, and compliance initiatives.
• Monitor evolving cybersecurity and technology regulations and support readiness efforts across the organization.

• Partner with cybersecurity teams to track vulnerability remediation efforts and support enterprise risk reduction initiatives.
• Coordinate and facilitate cyber incident response exercises, disaster recovery activities, and tabletop simulations.
• Support the enterprise security awareness program, including annual training initiatives and phishing simulation activities.
• Develop governance, risk, and compliance educational materials to increase awareness and strengthen risk culture across the organization.

• Maintain and enhance Athene’s GRC platform and supporting workflows as the program evolves.
• Identify opportunities to improve processes, reporting, automation, and control visibility across governance and compliance activities.
• Collaborate with technology leadership, cybersecurity teams, and risk management stakeholders to develop and track remediation action plans and strategic initiatives.

• Bachelor’s degree in Accounting, Management Information Systems,…