Athene
Purpose
Athene is seeking a Governance Risk & Compliance Analyst III to support enterprise technology risk management and IT audit/compliance activities. This role partners closely with IT, Cybersecurity, Internal Audit, and Risk Management to assess risk, strengthen controls, and ensure regulatory and audit readiness in a highly regulated financial services environment. This position offers the opportunity to make a measurable impact in a fast‑paced, collaborative environment while helping to advance Athene’s security posture and regulatory compliance.
Accountabilities IT Risk Management & Governance
Conduct internal cyber risk assessments to identify risks, control gaps, and improvement opportunities.
Manage, track, and report on enterprise technology risks, maintaining an up‑to‑date risk register.
Maintain and enhance IT and cybersecurity controls, policies, and standards aligned to industry frameworks (e.g., NIST) and regulatory requirements (e.g., BMA, NYDFS).
Facilitate ongoing assessments of IT governance and compliance processes.
Support cybersecurity metrics, KPIs, and reporting for governance and leadership review.
AI & Emerging Technology Risk
Support the identification, assessment, and ongoing monitoring of risks associated with artificial intelligence (AI) and emerging technology use cases.
Partner with technology, legal, compliance, and risk stakeholders to assess AI use cases for governance, control design, and regulatory readiness.
Monitor adherence to AI governance standards, policies, and risk management practices, including documentation and control evidence.
Support audit and regulatory inquiries related to AI usage, data governance, and technology risk controls.
Third‑Party & Vendor Risk
Perform due diligence on key vendors, including assessment of SOC 1 and SOC 2 reports.
Monitor third‑party risk scores (e.g., BitSight) and coordinate follow‑up on relevant findings.
Respond to security questionnaires and assessments from business partners, providing clear insight into Athene’s security controls and processes.
Audit & Regulatory Compliance
Partner with Internal Audit and IT teams on technology audits, including scoping, evidence collection, and remediation tracking.
Coordinate with external auditors to support SOX IT control testing and request fulfillment.
Monitor compliance with key regulatory requirements (e.g., NYDFS) and support readiness for emerging cybersecurity regulations.
Cybersecurity Program Support
Track vulnerabilities identified through Athene’s threat and vulnerability management program and support remediation efforts.
Coordinate and facilitate cyber incident response exercises, disaster recovery, and tabletop drills.
Assist with the security awareness program, including annual training updates and phishing simulations.
Develop governance, risk, and compliance (GRC) educational and training materials.
Tools & Process Enablement
Maintain and update Athene’s GRC platform, recommending enhancements as the program evolves.
Work closely with technology leadership, cybersecurity teams, and risk management to develop and track remediation action plans.
Qualifications and Experience
Bachelor’s degree in Accounting, Management Information Systems, Computer Science, or related field, or equivalent experience.
4+ years of experience in IT risk management, IT audit, GRC, or compliance roles.
Strong knowledge of IT risk frameworks and internal control methodologies, including SOX.
Ability to independently assess risk, evaluate controls, and partner effectively with auditors and technology teams.
Experience working in a regulated or financial services environment.
Preferred
CRISC, CISA, CISSP, or similar certification.
IT audit or professional services experience.
Experience with ServiceNow IRM module or similar platforms.
Athene is committed to inclusion and is proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, marital status, sexual orientation, veteran status or any other status protected by federal, state or local law.
#J-18808-Ljbffr
Accountabilities IT Risk Management & Governance
Conduct internal cyber risk assessments to identify risks, control gaps, and improvement opportunities.
Manage, track, and report on enterprise technology risks, maintaining an up‑to‑date risk register.
Maintain and enhance IT and cybersecurity controls, policies, and standards aligned to industry frameworks (e.g., NIST) and regulatory requirements (e.g., BMA, NYDFS).
Facilitate ongoing assessments of IT governance and compliance processes.
Support cybersecurity metrics, KPIs, and reporting for governance and leadership review.
AI & Emerging Technology Risk
Support the identification, assessment, and ongoing monitoring of risks associated with artificial intelligence (AI) and emerging technology use cases.
Partner with technology, legal, compliance, and risk stakeholders to assess AI use cases for governance, control design, and regulatory readiness.
Monitor adherence to AI governance standards, policies, and risk management practices, including documentation and control evidence.
Support audit and regulatory inquiries related to AI usage, data governance, and technology risk controls.
Third‑Party & Vendor Risk
Perform due diligence on key vendors, including assessment of SOC 1 and SOC 2 reports.
Monitor third‑party risk scores (e.g., BitSight) and coordinate follow‑up on relevant findings.
Respond to security questionnaires and assessments from business partners, providing clear insight into Athene’s security controls and processes.
Audit & Regulatory Compliance
Partner with Internal Audit and IT teams on technology audits, including scoping, evidence collection, and remediation tracking.
Coordinate with external auditors to support SOX IT control testing and request fulfillment.
Monitor compliance with key regulatory requirements (e.g., NYDFS) and support readiness for emerging cybersecurity regulations.
Cybersecurity Program Support
Track vulnerabilities identified through Athene’s threat and vulnerability management program and support remediation efforts.
Coordinate and facilitate cyber incident response exercises, disaster recovery, and tabletop drills.
Assist with the security awareness program, including annual training updates and phishing simulations.
Develop governance, risk, and compliance (GRC) educational and training materials.
Tools & Process Enablement
Maintain and update Athene’s GRC platform, recommending enhancements as the program evolves.
Work closely with technology leadership, cybersecurity teams, and risk management to develop and track remediation action plans.
Qualifications and Experience
Bachelor’s degree in Accounting, Management Information Systems, Computer Science, or related field, or equivalent experience.
4+ years of experience in IT risk management, IT audit, GRC, or compliance roles.
Strong knowledge of IT risk frameworks and internal control methodologies, including SOX.
Ability to independently assess risk, evaluate controls, and partner effectively with auditors and technology teams.
Experience working in a regulated or financial services environment.
Preferred
CRISC, CISA, CISSP, or similar certification.
IT audit or professional services experience.
Experience with ServiceNow IRM module or similar platforms.
Athene is committed to inclusion and is proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, marital status, sexual orientation, veteran status or any other status protected by federal, state or local law.
#J-18808-Ljbffr