Governance, Risk, & Compliance Analyst

Governance, Risk, & Compliance Analyst

Berkley Regional Shared Services (BRSS) is the service provider for the Regional Segment of W. R. Berkley Corporation, a Fortune 500 Commercial Lines Insurance Company. With key locations across the United States, BRSS provides insurance service support to our six Regional Segment companies, allowing them to focus on their unique competitive advantages and differentiators within their local marketplaces. BRSS's wide reach ensures that ideas and opinions are considered at every level of the organization to guarantee we find the best solutions possible.

Driven by a commitment to collaboration, BRSS partners with our customers and Operating Units by providing comprehensive solutions that not only address the challenge at hand, but proactively plan for the "What's Next" in our industry and beyond. Our mission is to drive transformation and provide exceptional capabilities and service to the operating units. BRSS generates meaningful and measurable value by delivering insights for our customers, partners, and shareholders using data and analytics.

Our vision is to enable operating unit profit and growth objectives by designing and delivering scalable solutions.

With a culture centered on innovation and service stewardship, BRSS stands as a community of leaders with eyes toward the future -- leaders who truly care about growing not only their team members, but themselves, and take pride in their employees who shine. BRSS offers endless ways to get involved and have the chance to grow your career into a wide range of roles. Come join us as we push forward into the future of industry leading technology and service solutions.

This role will be based in the Glen Allen, VA location where we offer a hybrid work schedule with 4 days in the office; and 1 day remote.

The company is an equal opportunity employer.

Responsibilities

As a Governance, Risk, & Compliance Analyst, you will support the W. R. Berkley Regional Segment by executing and documenting IT governance, risk, and compliance activities across Regional Operating Units (OUs) and supporting systems. The role is primarily responsible for performing Sarbanes‑Oxley (SOX) IT control testing, supporting internal and external audit and regulatory inquiries, and assisting with remediation of control findings to ensure compliance with WRB Corporate, regulatory, and industry standards.

In addition, the GRC Analyst assists in the development, maintenance, and standardization of RSS GRC processes and documentation; supports disaster recovery and business continuity planning and testing; and provides Third‑Party Risk Management (TPRM) coordination and support for Regional Segment OUs. The position works closely with RSS IT, WRB Corporate GRC, audit partners, and Regional OU stakeholders to gather evidence, document processes, and ensure that GRC policies, standards, and controls are consistently understood and applied.

What you can expect:

• Culture of innovation, teamwork, supportive colleagues and leaders willing to invest in talent.
• Internal mobility opportunities.
• Visibility to senior leaders and partnership with cross functional teams.
• Opportunity to impact change.Benefits – competitive compensation, paid time off, comprehensive wellness benefits and programs, employer funded health savings account, profit sharing, 401k, paid parental leave, employee stock purchase plan, tuition assistance and professional continuing education.

We'll count on you to:

Execute WRB Corporate GRC Control Assessments (SOX):

• Execute WRB Corporate IT GRC control assessments for applications and systems subject to SOX requirements.
• Perform quarterly WRB Corporate‑mandated compliance testing, including control procedures, user access reviews, and evidence validation.
• Evaluate new GRC, audit, and regulatory requests to ensure testing approaches and documentation adequately support required responses.
• Participate in GRC review meetings to validate completeness and accuracy of test documentation and evidentiary materials prior to submission in GRC tracking systems.
• Maintain a working knowledge of applicable compliance tools, methodologies, and subject business systems.

Assist with GRC Process and Standards Development:

• Assist in the research, development, and documentation of RSS GRC standards, procedures, and guidelines.
• Review and evaluate new or proposed internal and external compliance requirements to ensure RSS GRC processes align with evolving standards.
• Support efforts to standardize GRC practices across Regional OUs and recommend process improvements to senior RSS GRC leadership.
• Maintain and update documentation related to GRC review schedules, evidence sources, and assessment artifacts.

Support Audit Response and Issue Remediation:

• Analyze GRC assessment results, audit findings, and exception requests and coordinate with senior RSS GRC personnel on appropriate responses.
• Monitor WRB Corporate IT GRC findings and support remediation tracking and response documentation.
• Assist in responding to regulatory inquiries affecting Regional OUs, including coordination of corrective actions and supporting documentation.

Disaster Recovery & Business Continuity Planning:

• Support the maintenance and updating of Regional OU‑specific and RSS IT disaster recovery and business continuity plans.
• Participate in DR/BCP testing activities and document results, gaps, and follow‑up actions.
• Assist the RSS GRC Manager in developing and refining DR/BCP processes, procedures, and supporting documentation.

Third‑Party Risk Management (TPRM) Support:

• Assist Regional OU stakeholders with initiating TPRM reviews for new third‑party engagements or material changes in vendor scope.
• Serve as a liaison between Regional OUs, WRB TPRM teams, and third parties to facilitate information and evidence exchange.
• Support documentation and evidence collection during TPRM assessments and reviews.
• Escalate identified information security incidents or compliance concerns to RSS GRC leadership for coordination with TPRM and Information Security teams.
• Assist in validating third‑party findings, remediation plans, and closure activities.

Qualifications

What you need to have:

• Bachelor's Degree in relevant discipline or equivalent combination of education and experience.
• Experience with SOX and/or GRC control assessment and responding to internal/external audit inquiries, including development of remediation plans as needed.
• Experience evaluating and applying risk management principles with a focus on information security and data privacy.
• Experience with Disaster Recovery (DR) and Business Continuity Planning (BCP) concepts, development, and testing.
• Knowledge/understanding of COBIT, COSO-ICIF, ITIL, ISO 27001, and/or Model Audit Rule 205 frameworks as well as other applicable legislation – e.g. SOX, GDPR, HIPAA, NY DFS, etc.
• Strong computer skills, including Microsoft M365 products and related analytical/presentation tools (e.g. Excel, PowerPoint, Visio, etc.) as well as Artificial Intelligence (AI) concepts and tools. Knowledge of SQL, PowerBI, Python, and/or other analytical/development tools.
• Knowledge of data management, reporting tools, and their use in compiling needed GRC information.
• Working knowledge of Software Development Life Cycle (SDLC) and Agile development frameworks.
• Reasoning Ability: Solve practical problems, interpret varied instructions, and apply critical thinking to evaluate information and produce accurate, clear, and relevant conclusions.
• Communication Skills: Communicate effectively in a professional environment, including reading and interpreting business and regulatory materials, writing clear documentation, and presenting information to diverse audiences.
• Organizational Skills: Prioritize and manage workload, develop and execute project plans, and work effectively across multiple concurrent tasks to meet deadlines.
• Personal Qualities and Characteristics: Demonstrate agility, accountability, independence, initiative, sound judgment, collaboration, and strategic thinking while adapting to change and aligning work with business objectives.

Additional Company Details

We do not accept any unsolicited resumes from external recruiting agencies or firms. The company offers a competitive compensation plan and robust benefits package for full time regular employees. The actual salary for this position will be determined by a number of factors, including the scope, complexity and location of the role; the skills, education, training, credentials and experience of the candidate; and other conditions of employment.

Sponsorship Details

Sponsorship not Offered for this Role