3 Aug 2024

Governance, Risk & Compliance Analyst

🇺🇸 Indianapolis, IN, USA
Full Time
1+ year exp.


The Indianapolis Colts are seeking an experienced Governance, Risk, and Compliance (GRC) Analyst who will be responsible for ensuring organizational compliance with industry standards and regulations such as PCI DSS, HIPAA, GDPR, and various state-level data privacy laws.

Reporting to the Director of Information Security, Risk, and Compliance, the GRC Analyst will play an integral role in the overall development of the Club’s GRC roadmap and capabilities, identify gaps in risk management processes, and leverage internal assessments to drive improvements within the organization. The GRC Analyst will collaborate with process owners, internal and external auditors, and other stakeholders to assist in reviewing, monitoring, and resolving findings.

This is a full-time position working onsite from our main offices at the Indiana Farm Bureau Football Center in Indianapolis, IN. The successful candidate will embody the Colts core values in support of the team's mission to entertain, inspire and unite by winning the right way.

HIRING MANAGER

Director of Information Security, Risk, and Compliance

DIRECT REPORTS

None

RESPONSIBILITIES

GRC Program:

  • Assist in the development and implementation of the company's GRC program.
  • Support the establishment of policies, procedures, and controls to ensure compliance with PCI DSS, HIPAA, and data privacy requirements.
  • Maintain GRC program alignment with industry best practices and modern tools.

Compliance Management:

  • Monitor and track compliance requirements and ensure they are met across the organization.
  • Conduct regular compliance assessments and audits to identify potential risks and areas for improvement.
  • Prepare and maintain documentation related to compliance activities and findings.

Cross-Departmental Collaboration:

  • Work closely with all lines of business to ensure compliance requirements are understood and adhered to.
  • Facilitate cross-departmental communication to address compliance issues and implement corrective actions.

Training and Awareness:

  • Participate in the development and delivery of training programs to educate employees on compliance requirements and best practices.
  • Promote a culture of compliance and risk awareness throughout the organization.

Reporting and Documentation:

  • Maintain risk register and assist in quantifying risks introduced into the organization.
  • Ensure accurate records and documentation are kept supporting compliance audits and reviews.
  • Support the development and implementation of risk mitigation strategies and action plans.

QUALIFICATIONS

  • Bachelor’s degree; a combination of related education and experience may be considered.
  • 1-3 years of previous experience in GRC, Data Privacy, or a related field.
  • Excellent communication and interpersonal skills.
  • Strong analytical and problem-solving skills.
  • Basic understanding of PCI DSS, HIPAA, and/or data privacy compliance requirements.
  • Professional certifications from ISACA, IAPP, etc. (plus).
  • Experience implementing or configuring GRC tools in an enterprise environment (plus).
  • In-depth knowledge of domestic and/or international Data Privacy regulations (plus).
  • Experience implementing data classifications and sensitivity labels on structured and unstructured data (plus).

Responsibilities and qualifications may change at any time with or without notice.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.


