Risk Compliance Analyst Visa Sponsorship Jobs in Washington

Senior IT Governance, Risk & Compliance (GRC)

The Senior IT Governance, Risk & Compliance (GRC) professional is responsible for establishing, overseeing, and continuously improving the organization’s IT governance framework to ensure alignment with business objectives, regulatory requirements, and industry best practices. This role leads enterprise-wide IT risk management, compliance, and control activities, including policy ownership, control design, risk assessments, audit coordination, and remediation oversight across business units and technology domains. Acting as a trusted advisor to IT leadership, business stakeholders, and audit partners, the Senior IT GRC role drives consistency, accountability, and transparency in how IT risks are identified, managed, and reported, while supporting compliance with regulatory, contractual, and internal control requirements in a complex, decentralized environment.

Responsibilities and Duties:

• Identify, monitor, and support activities responsible for validating the effectiveness of IT security, governance, risk, and compliance programs.
• Support alignment between IT and audit activities while ensuring adherence to adopted standards, frameworks, and methodologies.
• Evolve the enterprise IT GRC roadmap, driving continuous improvement in governance maturity, risk visibility, and control effectiveness across the organization.
• Develop and provide guidance for advisory reviews related to system implementations, technology strategies, mergers and acquisitions, fraud events, and service interruptions.
• Contribute to a sustainable IT general control environment through involvement in key IT internal control and governance activities.
• Coordinate with Business Units to align controls with enterprise IT policies, standards, trends, and best practices.
• Support internal and external audit activities related to IT governance by assisting with policies, narratives, evidence expectations, and self-assessment documentation.
• Participate in IT risk assessment activities, including third party and service provider risk reviews, and contribute to broader risk management, compliance, and internal control initiatives as needed.
• Serve as a subject matter resource to support the identification and assessment of IT risks and to improve the effectiveness and efficiency of IT controls.
• Identify and recommend opportunities for improved governance processes and technology-based tools to support risk mitigation and compliance oversight.
• Support the development and maintenance of enterprise IT governance policies, standards, procedures, and control requirements to assure compliance with applicable regulatory, audit, and contractual obligations, as well as sound business practices.
• Review Business Unit certifications and submissions, identify variances, and support the development of remediation actions in coordination with BU leadership.
• Support formal IT risk analysis and self-assessment activities for systems, processes, and services, including global asset risk and obsolescence considerations.
• Contribute to continuity governance and risk mitigation activities related to disaster recovery, backup and recovery practices, and system lifecycle management.
• Support the development, implementation, and monitoring of compliance oversight activities related to ITAR/DFARS, PCI, data privacy regulations (e.g., GDPR, CCPA), and contractual, licensing, and usage requirements, where governance remains centralized.
• Liaise with Internal Audit, Corporate Compliance, Legal, and Business Unit IT leadership to support IT governance, risk, and compliance initiatives and audit activities.
• Monitor IT-related regulatory, compliance, and legal trends and support the communication of relevant impacts and expectations across the organization.
• Assist with training and awareness activities for IT staff and Business Units related to IT governance, risk management, and compliance expectations, as needed.

Qualifications and Competencies:

• Bachelor’s degree in a related field such as Computer Science, Information Technology, or a related discipline.
• 5 + years of experience in an IT GRC or related field required.
• Risk- or audit-related professional certifications preferred, such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), or Certificate of the Business Continuity Institute (CBCI), or equivalent demonstrated experience.
• Demonstrated experience supporting compliance with Sarbanes-Oxley (SOX) IT General Controls, including control design, testing coordination, evidence management, and remediation oversight in partnership with Internal and External Audit.
• Proven knowledge of DFARS and ITAR regulatory requirements as they apply to information systems, data protection, access controls, and service providers, with experience supporting assessments, contractual requirements, and control enforcement across business units.
• Demonstrated experience supporting enterprise data privacy programs, including the interpretation and application of global privacy regulations such as GDPR and CCPA, participation in data privacy impact assessments (DPIAs), and oversight of privacy-related controls within IT governance frameworks.
• Proven ability to partner with Legal, Information Security, Internal Audit, and business stakeholders to assess privacy risks, support contractual and vendor privacy requirements, and ensure appropriate handling, protection, and retention of personal data across systems and service providers.
• Demonstrated experience providing governance, risk, and compliance oversight for IT resiliency, backup, and recovery programs, including policy development, control definition, risk assessments, and validation of recovery readiness.
• Proven ability to oversee backup and disaster recovery control effectiveness, including immutability, retention, encryption, and restoration testing, while coordinating evidence, certifications, and remediation activities with Business Units, Information Security, and Internal Audit.
• Experience operating within a centralized model while enabling consistent execution and compliance across decentralized business units.
• Experience or working knowledge of IT governance and compliance frameworks such as COSO, ISO 27001, PCI-DSS, COBIT, and ITIL.
• Strong analytical and assessment skills with experience supporting IT risk assessments, audits, or compliance activities across a variety of technologies and platforms.

This description has been designed to indicate the general nature and level of work being performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Crane Company is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, sexual orientation, general identity, national origin, disability or veteran status.