GRC Specialist Senior

Overview The GRC Specialist Senior is responsible for conducting security assessments, control testing, issues management, development of metrics and compliance reports in alignment with the Bank's technology risk management framework, regulatory requirements, and departmental policies, while collaborating with auditors and risk management to safeguard the Bank's assets and sensitive information. This individual will also lead efforts to automate cybersecurity and GRC processes using AI technologies to improve efficiency and reduce manual workload. The role exercises discretion and independent judgment to evaluate risks, interpret regulatory requirements, and establish automated control procedures.

Principal Duties & Responsibilities:

Coordinate risk and control self-assessments with IT and cybersecurity subject matter experts and enterprise risk management team. Conduct control testing and document results to identify potential gaps in control design and/or control operating effectiveness. Collaborate with GRC, engineering, SecOps, IT operations, and BCP teams to define requirements and ensure scalable, secure, and maintainable AI-driven automation solutions. Identify opportunities to develop automated solutions using Microsoft Copilot, Power Automate, or another approved automation tool. Develop and maintain cybersecurity and IT policies, standards, procedures, program metrics and help develop automated compliance reports and risk metrics for executive leadership, to improve decision-making and reduce operational risk. Coordinate work assignments with process owners, control owners, external auditors, and consultants, ensuring issues are documented, monitored, and resolved. Advise internal stakeholders on internal control design for ongoing risk mitigation of information systems based on regulatory requirements and best practices. Communicate security issues and risks effectively to diverse audiences and ensure compliance with applicable controls based on a unified framework. Identify and correct process gaps proactively, recommending improvements to advance the Bank's information security program maturity in alignment with company goals. Guide program leaders on risk remediation efforts, ensuring adequacy of response and timeliness based on risk severity. Perform major assignments related to GRC program operations, including evaluation of high-risk processes and applications, strategic planning inputs, and execution of automation initiatives. Work independently on complex programs and assignments with diverse teams and perform other duties as assigned. Qualifications 2-4 years of of applied work experience in cyber security compliance management, cyber security programs, data engineering, analytics or integration, audits, assessments, risk and remediation. Knowledge of AI concepts (LLMs, prompt design, limitations, hallucinations, etc.) Knowledge of information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC, and NIST. Knowledge of IT systems and processes, network infrastructure, data architecture, and protocols. Skills in using AI/ML platforms and automation frameworks, such as Microsoft AI solutions (Power Automate, Copilot Studio) and AI Foundry, for developing agents, workflow automation, and predictive analytics in cybersecurity and GRC environments (desirable). Skill in applying cyber and cloud security frameworks, architecture, design, operations, controls, and service orchestration. Proficiency in Microsoft Office products (Word, Excel, PowerPoint). Ability to develop and implement enterprise governance, risk, and compliance strategies and solutions. Ability to research and locate information related to internal and external organizations using online and other sources. Skill in security project management and planning. Ability to maintain confidentiality and handle sensitive information appropriately. Ability to troubleshoot and operate computers and various software packages. Ability to define problems, collect and analyze data, establish facts, and draw valid conclusions. Ability to use judgment and ingenuity in maintaining objectives and technical standards. Ability to communicate technical issues effectively to diverse audiences, both in writing and verbally. Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes. Education Bachelor's Degree in in Computer Science, Data Analytics, Engineering or related field, preferred. An equivalent combination of education and/or relevant professional experience may be considered in lieu of a degree. Certification in any of the following is preferred but not required: Microsoft certifications such as Power Platform Fundamentals (PL-900) or Copilot Studio Applied Skills (APL-7008) CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), or CISSP (Certified Information Systems Security Professional). Special Instructions to Candidates City National Bank of Florida is an Equal Opportunity Employer and is committed to providing equal employment opportunities to all applicants. We do not discriminate on the basis of race, color, religion, sex, pregnancy, national origin, age, disability, genetic information, protected veteran status, or any other status protected under federal, state, or Florida law. City National Bank of Florida complies with the Americans with Disabilities Act (ADA) and applicable Florida laws. Qualified individuals with disabilities who require a reasonable accommodation in order to complete the online application or participate in the hiring process may contact our Human Resources Talent Attraction Department talent.attraction@citynational.com.