GRC Analyst


Position Overview

Open Dealer Exchange (ODE) is seeking a direct hire for the GRC Analyst role to expand its GRC Team in its corporate office located in Farmington Hills, MI. ODE is a software company building revolutionary Finance and Insurance technology in the automotive industry. This position will report directly to the GRC Manager and work collaboratively with the other parts of the company. 

The GRC team at ODE is responsible for: Third Party Risk Management (TPRM), Policy Management, Compliance Controls primarily focused on IT, responding to Third-Party Assessments, SOC1/SOC2 reporting, and Enterprise Risk Management. This position will work closely with our CTO, CFO, senior business leaders, and Legal Counsel as part of the risk management process. In addition, this position will work side-by-side with our infrastructure and security teams to monitor our compliance controls and assess risk. 




· Lead the annual policy refresh program. 

· Work with policy owners to update and improve their policies. 

· Lead the policy exception process by tracking and assessing risk within our environment. 

· Lead our policy restructure project to modernize our policies. 

· Test and review IT/entity-level controls to confirm whether controls are operating effectively and designed appropriately. 

· Perform Third Party Risk Assessments. 

· Produce quarterly reports for GRC which are shared with the executive team and key stakeholders. 

· Other responsibilities as assigned.

Preferred Skills and Experience:

· A bachelor’s degree and one to five years of experience in Policy Management, GRC, Internal IT Controls, TPRM, or Risk Management is required.

· Strong organizational and multitasking skills.

· Excellent communication skills and strong attention to detail.

· Familiarity with IT security frameworks (ISO 27001, NIST cybersecurity framework, NIST 800-53, CSI, etc.) and general IT security concepts.

· Familiarity with SOC 1 and SOC 2 reports.

· Experience with AuditBoard or other tools to monitor and test controls or risks.