IT Governance Risk & Compliance (GRC) Specialist - Remote

| Chicago | Remote
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Donnelley Financial Solutions (DFIN) is a leader in risk and compliance solutions, providing insightful technology, industry expertise and data insights to clients across the globe. We’re here to help you make smarter decisions with insightful technology, industry expertise and data insights at every stage of your business and investment lifecycles. As markets fluctuate, regulations evolve and technology advances, we’re there. And through it all, we deliver confidence with the right solutions in moments that matter. 

Job Description:

Governance Specialist is a key team member of DFIN's IT Governance Risk and Compliance (GRC or IT GRC) organization and is responsible for IT Governance and IT Risk activities that both support and provide oversight to IT, Product Engineering, Infrastructure and Security teams as well as DFIN suppliers and customers. This position is responsible for conducting IT Governance Tasks that align and contribute to the overall success of the broader GRC team, which works under the leadership of DFIN’s CISO.

Integral to the role is the ability to manage Governance activities to protect DFIN and our clients’ data. Focus is given to maintaining policy compliance, process and organizational policies, standards documentation, information security governance and risk management functions. Additional focus is applied to implementing and refining policies, standards and procedures that help promote the control framework’s adoption and alignment throughout DFIN. Furthermore, the position plays a key role in continual process improvements and evolution as it relates to IT Security Risk Assessments, Policy Exceptions and the strategic vision of IT Governance


Work is typically performed under minimal to no supervision, with only guidance about overall goals and objectives. Must be able to prioritize work based on evaluation of short term and long-term goals of the department and team. Able to independently evaluate processes, identify areas of improvement, and incorporate into overall work objectives. Duties are defined below:

  • Coordinate the development of best practice policies and standards based on various governance frameworks.
  • Ensure all IT control are documented and assigned control owners to establish accountability.
  • Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
  • Assist the IT Governance, Risk & Compliance function in maturing the Information Security and Technology Risk Management methodology through improvements in standardized risk assessments
  • Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, ISO, NIST, etc.).
  • Monitoring IT controls across the organization.
  • Collaborate effectively adapt the process, risk, control framework, map organizational controls and establish the accountability and ownership for IT risk management and control activities.
  • Assist in the validation of IT control alignment to various industry standards, framework, and requirements (e.g., COBIT, ISO, NIST, etc).
  • Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units.
  • Support IT GRC capabilities such as enterprise security risk management compliance
  • Policy creation, updates, and overall management and organization of shared documentation on SharePoint
  • Control Self Assessments and Control Gap Analysis
Responsibilities (Cont.):
  • Third party risk management and reporting
  • Maintaining a Risk Register
  • Documenting and evaluating policy exception requests
  • Responsible for developing and deriving KPIs from a controls baseline
  • Global analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate
  • Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the ITGRC program.
  • Remediation and risk mitigation planning, implementation, and oversight.
  • Creation, documentation and maintenance of governance processes to oversee ITGRC programs
  • GRC policy enforcement across the enterprise.
  • Education of Governance principles, polices, and standards enterprise wide.
  • Responsible for identifying, analyzing and resolving complex problems. Manage, monitor, and ensure timely updates to planned remediation efforts
  • Interact with AppSec team to assist in scheduling and testing of third-party pen tests.
  • Client Security Reviews and inquiries

The qualifications below are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • 5+ years of experience in IT Governance or Security Governance working in either a Software Development, FinTech or financial institution.
  • Experience working in an IT Governance, Risk and Compliance role
  • Working knowledge of: SOC 2, SOX404, ISO 27001, NIST CSF, GDPR, PCI, CCPA, HiTrust,
  • Knowledge of applicable US laws and regulations as they relate to Information Security and the effective management of Information Security Risks.
  • Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls.
  • Experience with SOC 2, SOC 404 audits and/or ISO Certifications
  • Proficient Microsoft o365 skills with an emphasis on Word and Excel (e.g., vlookup, Pivots Tables, etc.)
  • 2+ years of experience using Service Now
  • Very strong communication (verbal and written) skills and the ability to present with clarity
  • Able to mentor junior level team members in the use of tools and/or systems in the position.
  • Some experience with project management (for example: planning, organizing, and managing resources to bring about the effective completion of specific project goals and objectives) is helpful.
Preferred Qualifications:
  • Bachelor’s degree in discipline related to functional work or role with 5-10 years of relevant GRC work experience
  • Industry recognized certifications such as CISSP, CISM, CRISC, CISA, or equivalent

It is the policy of Donnelley Financial Solutions to select, place and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran's status, actual or perceived sexual orientation, genetic information or any other protected status. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access as a result of your disability. You can request a reasonable accommodation by sending an email to [email protected] #BI-Remote

Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
    • .NETLanguages
    • C#Languages
    • PythonLanguages
    • RLanguages
    • SqlLanguages
    • ReactLibraries
    • AngularJSFrameworks
    • ASP.NETFrameworks
    • Microsoft SQL ServerDatabases
    • SAP HANADatabases
    • TeradataDatabases


Located in the heart of downtown Chicago’s financial district, we are steps from all Metra stations, good eats and entertainment.

An Insider's view of DFIN

What projects are you most excited about?

In transforming and improving FinTech products, excitement comes from the challenge of knowing that the problems are complex, yet the solutions must be easy to use. When we start a new project, I can't wait to sink my teeth into understanding the problem space, talking to users, designing the solution, and seeing it through to release.


Principal Product Designer

What makes someone successful on your team?

Active and honest listening – Contrary to the stereotypical, extroverted sales rep, some of my most effective and insightful client interactions are when I do the least amount of talking, and the most active listening. Client insight is exponentially easier to excavate when you stop “pitching” – and start listening.


Senior Sales Representative

What is your vision for the company?

Our business plan reflects the change in products DFIN is selling today versus what we sell in five years. DFIN today is a company that offers a lot of professional services that we added software to, but the goal is to become a SaaS company that has services to support it.


SVP, Global Head of Engineering

What does your typical day look like?

The role of a software engineer is really about creating computational systems and ensuring they behave as designed. My day-to-day is focused mostly on writing code that provides new functionality within our products that we see a need for in the market—and providing quality control to be certain it works properly.


Senior Software Engineer

What are DFIN Perks + Benefits

DFIN Benefits Overview

The world continues to change in ways we never expected, but there is one constant: your safety and well-being is a top priority, and DFIN has you covered with our benefits.

Partners with Nonprofits
Friends outside of work
Eat lunch together
Intracompany committees
Daily sync
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Open office floor plan
Documented equal pay policy
Highly diverse management team
Unconscious bias training
Diversity manifesto
Hiring Practices that Promote Diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Onsite Gym
Mental Health Benefits
Retirement & Stock Options Benefits
401(K) Matching
Company Equity
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
We value a work / life balance at DFIN.
Remote Work Program
We have partial and fully remote opportunities at DFIN.
Family Medical Leave
Family Medical Leave granted under the Family and Medical Leave Act (FMLA).
Return-to-work program post parental leave
Vacation & Time Off Benefits
Generous PTO
Paid Holidays
Paid Sick Days
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Happy Hours
Employee parking available
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Diversity Program
Lunch and learns
Cross functional training encouraged
Promote from within
Mentorship program
Time allotted for learning
Online course subscriptions available
Customized development tracks
More Jobs at DFIN26 open jobs
All Jobs
Dev + Engineer
HR + Recruiting
Project Mgmt
Project Mgmt
HR + Recruiting
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
Save jobView DFIN's full profileSee more DFIN jobs