UGI

Global Sr GRC Analyst

King of Prussia, PA

Remote

Oil and Gas

About This Job

Global Sr GRC Analyst

Location:King Of Prussia, PA, US, 19406

Workplace Environment: Hybrid

Company: UGI Corporation

Requisition Number: 27385

UGI Corporation (NYSE: UGI) is a holding company that distributes and markets energy products and services through our subsidiaries and the company’s common stock is a balanced growth and income investment. UGI Corporation has paid common dividends for more than 135 consecutive years.

In addition to a challenging career and competitive compensation, our employees enjoy:

Generous and Family-friendly Health & Welfare Benefits Including:

- Medical, Vision, and Dental Plans

- Optional Health Savings Account

- Optional Dependent Care Savings Account

- Paid Maternity/Paternity Leave

- Work from home policy

- Employee Assistance Program

Additional Benefits Include:

- 401K with a generous company match

- Tuition Reimbursement

- Assistance with Professional Credentialing

- Referral Bonuses

- Employee Discount Programs

Position Summary

The Global GRC Senior Analyst plays a critical role in ensuring that the organization operates within its regulatory, legal, and compliance obligations while managing risk effectively. The Global GRC Senior Analyst will report directly to the Global Information Security GRC Manager. This role involves collaborating with cross-functional teams to design, implement, and maintain governance, risk, and compliance processes. The ideal candidate is detail-oriented, analytical, and experienced in regulatory compliance, risk management frameworks, and governance best practices.

Key Responsibilities

Governance:

- Develop and maintain corporate policies, procedures, and frameworks to align with industry best practices (e.g., NIST CSF, SOX, PCI, etc.).

- Assist with the development and maintenance of GRC process and procedure documentation.

- Ensure IT functions are in compliance with best practices and company policies and standards through assessments (i.e. peer reviews, audits, etc.).

- Track key risk indicators and security metrics.

Risk Management:

- Assist with conducting gap assessments to identify threats, vulnerabilities, and potential impacts on the organization.

- Develop and maintain the risk register, ensuring risks are documented, prioritized, and mitigated.

- Perform third-party/vendor risk assessments to evaluate potential risks associated with external partnerships and perform on-going monitoring to assess risk of engagement.

- Maintain centralize documentation, continuous monitoring for vendors, formal escalation protocols for non-compliance to ensure alignment with enterprise risk tolerance.

- Document risk acceptance decisions and compensating controls.

- Develop and maintain templates for consistent risk documentation.

- Assist in evaluating cybersecurity risk on incoming projects.

- Assist and support team in performing cybersecurity due diligence on merger/acquisition targets.

Compliance:

- Ensure compliance with regulatory requirements (e.g., GDPR, HIPAA, SOX, PCI-DSS) and industry standards through monitoring and reporting metrics, security exceptions and using other methods to monitor compliance.

- Drive compliance by maintaining the compliance framework to ensure policies and standards align to regulatory requirements, laws and best practices.

Stakeholder Engagement:

- Collaborate with business units to understand critical processes.

- Educate stakeholders on risk management concepts and frameworks.

- Partner with technical teams to validate remediation plans.

- Present risk findings to appropriate governance committees.

- Coordinate and collaborate with stakeholders to establish and track metrics for governance programs.

- Collaborate with stakeholders to monitor regulatory and industry developments to ensure compliance with changes.

- Coordinate and collaborate with stakeholders to track outcomes and metrics for all third-party breaches.

- Advise stakeholders on compliance requirements and incorporate new metrics into governance life cycle process, including new tools as they are onboarded.

- Coordinate the review of Policies and Standards through collaborating with stakeholders.

Collaboration and Reporting:

- Partner with IT, Legal, HR, and other departments to ensure alignment on risk and compliance efforts.

- Create and deliver regular risk and compliance metrics for senior leadership and boards.

- Serve as a subject matter expert (SME) for GRC-related queries and initiatives.

Skills and Competencies:

- Strong understanding of GRC tools and platforms (e.g., RSA Archer, ServiceNow GRC).

- Familiarity with risk management frameworks (e.g., COBIT, FAIR) and compliance standards.

- Exceptional analytical, problem-solving, and organizational skills.

- Strong written and verbal communication skills, with the ability to interact effectively with stakeholders at all levels.

- Certifications such as CRISC, CISM, CISA or CISSP highly preferred.

Key Attributes:

- Attention to detail and ability to manage multiple priorities.

- Proactive mindset with a focus on continuous improvement.

- Collaborative team player who can influence without authority.

Education and Experience:

- Bachelor’s degree in Information Security, Business Administration, or related field (required); advanced degree preferred.

- 4–6 years of experience in GRC, risk management, or compliance roles.

All offers of employment are contingent upon the successful completion of a background check and drug screen, subject to applicable laws and regulations.

UGI Corporation is an Equal Opportunity Employer. The Company does not discriminate on the basis of race, color, sex, national origin, disability, age, gender identity, sexual orientation, veteran status, or any other legally protected class in its practices.