Sr Governance, Risk & Compliance (GRC) Analyst

We are driven to do more. More for our customers and the financial professionals who offer our products. If you are driven to do more and love the challenge of pursuing more, Athene is your kind of company. You will find we offer more than the basics to create an inclusive and dynamic work environment at our various locations. Purpose: Athene is seeking a Sr. Governance, Risk & Compliance (GRC) Analyst to help strengthen and evolve enterprise technology risk management, cybersecurity governance, and regulatory compliance across the organization. This role partners closely with Cybersecurity, Technology, Internal Audit, and Enterprise Risk teams to assess emerging risks, influence control strategy, and enhance regulatory readiness within a highly regulated financial services environment. The ideal candidate is a strategic and collaborative risk professional who enjoys solving complex problems, driving continuous improvement, and helping shape governance practices for modern technologies, including AI and emerging platforms. This is an opportunity to play a visible role in advancing Athene's cybersecurity maturity and technology risk program while working in a fast-paced, highly collaborative environment with meaningful enterprise impact. Accountabilities: IT Risk Management & Governance * Conduct technology and cybersecurity risk assessments to identify risks, control gaps, and opportunities for program enhancement. * Manage and maintain the enterprise technology risk register, including risk tracking, reporting, and remediation oversight. * Partner with technology and cybersecurity teams to strengthen controls, policies, standards, and governance processes aligned to industry frameworks (e.g., NIST) and regulatory requirements (e.g., BMA, NYDFS, SOX). * Evaluate IT governance and compliance processes to support ongoing program maturity and operational effectiveness. * Develop and enhance cybersecurity metrics, KPIs, and executive reporting to support governance and risk-informed decision making. * Provide risk advisory support to technology and business stakeholders on governance, control, and compliance considerations. AI & Emerging Technology Governance * Help shape Athene's governance approach for AI and emerging technologies by partnering across technology, legal, compliance, and risk functions. * Assess AI and emerging technology use cases for risk, control effectiveness, regulatory alignment, and operational readiness. * Contribute to the development and operationalization of AI governance standards, controls, and risk management practices. * Monitor adherence to AI governance requirements, including documentation, control evidence, and risk management procedures. * Support internal and external audit inquiries related to AI usage, data governance, and technology risk oversight. Third-Party & Vendor Risk Management * Perform technology and cybersecurity due diligence assessments for key vendors and third parties, including review of SOC 1 and SOC 2 reports. * Monitor third-party risk ratings and coordinate remediation or follow-up activities related to identified concerns. * Partner with business and technology teams to evaluate vendor risk exposure and strengthen third-party governance practices. * Respond to client, partner, and vendor security assessments and questionnaires, clearly communicating Athene's security controls and governance practices. Audit & Regulatory Compliance * Serve as a key liaison for technology risk, audit, and regulatory activities, helping streamline evidence collection, remediation tracking, and control maturity efforts. * Partner with Internal Audit, External Audit, and Technology teams to support technology audits and SOX IT control testing. * Track and manage remediation activities related to audit findings, risk assessments, and compliance initiatives. * Monitor evolving cybersecurity and technology regulations and support readiness efforts across the organization. Cybersecurity Program Support * Partner with cybersecurity teams to track vulnerability remediation efforts and support enterprise risk reduction initiatives. * Coordinate and facilitate cyber incident response exercises, disaster recovery activities, and tabletop simulations. * Support the enterprise security awareness program, including annual training initiatives and phishing simulation activities. * Develop governance, risk, and compliance educational materials to increase awareness and strengthen risk culture across the organization. Tools & Process Enablement * Maintain and enhance Athene's GRC platform and supporting workflows as the program evolves. * Identify opportunities to improve processes, reporting, automation, and control visibility across governance and compliance activities. * Collaborate with technology leadership, cybersecurity teams, and risk management stakeholders to develop and track remediation action plans and strategic initiatives. Qualifications and Experience: * Bachelor's degree in Accounting, Management Information Systems, Computer Science, Cybersecurity, or related field (or equivalent experience) and 5+ years of experience in IT risk management, cybersecurity governance, IT audit, GRC, compliance, consulting, or professional services environments. * Strong understanding of IT risk frameworks, governance practices, and internal control methodologies, including SOX IT controls. * Experience assessing technology and cybersecurity risks, evaluating control effectiveness, and supporting remediation efforts. * Ability to communicate effectively with both technical and non-technical stakeholders across all levels of the organization. * Strong analytical, problem-solving, and organizational skills with the ability to manage multiple priorities independently. * Experience working in a regulated industry or financial services environment. Preferred Qualifications * Professional certifications such as CRISC, CISA, CISSP, or similar. * Experience supporting AI governance, emerging technology risk, or cybersecurity compliance initiatives. * Experience with ServiceNow IRM/GRC or similar governance and risk management platforms. * Familiarity with regulatory frameworks and standards such as NIST, NYDFS, BMA, ISO 27001, or COBIT. Drive. Discipline. Confidence. Focus. Commitment. Learn more about working at Athene. Athene is a Military Friendly Employer! Learn more about how we support our Veterans. Athene is committed to inclusion and is proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, marital status, sexual orientation, veteran status or any other status protected by federal, state or local law.