Senior Analyst, Technology Governance & Controls

CGC is a nonprofit investment firm that finances and originates clean energy, water, and resilient infrastructure projects to accelerate clean air, clean water, and affordable energy for communities across America.

We collaborate with the public and private sectors to bridge financing gaps and mobilize private capital into projects that deliver measurable economic and environmental impact at scale. Every dollar we invest is structured to multiply, generating durable returns for people, markets, and the environment.

Over the past decade, CGC has demonstrated the power of public-private investment by helping catalyze economic accelerators nationwide and mobilizing billions of dollars toward affordable clean energy and resilient infrastructure. Our model fills market gaps, unlocks private capital, and proves that economic growth and environmental progress can advance together.

A career at the CGC is grounded in impact. Our six core values guide how we invest and how we work together.

The Senior Analyst serves as a key internal resource for access governance, control evidence management, policy administration, risk tracking, vendor oversight support, continuity planning coordination, and governance reporting. This position translates governance expectations into practical, repeatable operating disciplines that support secure and efficient business execution. 

This role is well suited for a proactive professional who can operate effectively in a growing and evolving organization, bring structure where processes continue to mature, and execute with sound judgment, discretion, and a high degree of ownership. Success in this position requires collaboration, professionalism, strong written communication, and the ability to improve how work gets done through practical use of automation, AI tools, and modern workflow capabilities. This role is central to CGC's enterprise governance maturity, maintaining the frameworks, processes, and controls that allow IT systems, data, and vendors to operate with accountability and discipline.

• →Support CGC’s enterprise technology governance and control environment through disciplined administration of repeatable oversight processes. 
• →Coordinate periodic user access reviews, entitlement recertifications, segregation-of-duties support reviews, and permission validation activities across enterprise systems.
• →Maintain repositories of control evidence, approvals, documentation, and artifacts required for audits, internal reviews, external assessments, or regulatory inquiries.
• →Administer the lifecycle of technology-related policies, standards, and procedures, including version control, review schedules, approvals, acknowledgments, and publication tracking.
• →Support vendor governance and third-party risk management processes, including intake coordination, due diligence documentation, contract control support, and remediation follow-up.
• →Maintain governance logs and trackers related to risks, issues, exceptions, incidents, remediation items, and management action plans.
• →Administer and monitor the technology change management process including ticket completeness, approval validation, testing evidence review, and record retention within the Technology Service Desk in Jira.
• →Coordinate business continuity and disaster recovery governance activities, including inventories, documentation updates, exercise support, and remediation tracking.
• →Prepare dashboards, reports, metrics, and presentations related to governance performance, access controls, training completion, vendor reviews, policy status, and control maturity, including PowerBI reporting where applicable.
• →Assist in administration of security awareness initiatives, policy acknowledgments, phishing simulations, and workforce education programs.
• →Identify opportunities to streamline governance processes through workflow automation, AI-enabled productivity tools, agentic workflows, and improved operating procedures consistent with internal control expectations.
• →Partner with Finance, Legal, Risk, Operations, and business stakeholders to improve enterprise accountability and governance practices.
• →Handle sensitive information with discretion and professionalism, escalating concerns appropriately.
• →Operate with a high degree of ownership, reliability, and judgment in a dynamic environment with evolving priorities.
• →Perform other duties as assigned in support of CGC’s mission and operational needs.

• Experience in governance, internal controls, risk management, audit support, compliance operations, technology administration, or related business operations environments.
• Demonstrated experience managing documentation, evidence, approvals, trackers, or structured operational processes with strong attention to detail.
• Familiarity with access governance concepts, role-based permissions, and enterprise system control practices.
• Strong organizational skills with the ability to manage multiple priorities and deadlines.
• Excellent written communication and presentation skills.
• Demonstrated ability to operate effectively in evolving environments with changing priorities and developing processes.
• Proven professionalism, discretion, and sound judgment when handling confidential or sensitive matters.
• Demonstrated digital fluency and ability to quickly learn modern platforms and emerging technologies.

• Bachelor’s degree and 5+ years of directly related experience, or equivalent combination of education and experience.
• Experience supporting technology within financial services, nonprofit, startup, federally funded, or regulated environments.
• Familiarity with frameworks such as COSO, NIST, SOC, ISO 27001, or similar governance/control standards.
• Experience with enterprise platforms such as Vanta, Microsoft 365, PowerBI, Entra ID, Jira, Confluence, Box, NetSuite, Salesforce, or comparable systems.
• Experience supporting vendor management, procurement controls, contract administration, or third-party risk processes.
• Familiarity with workflow automation tools, AI productivity tools, prompt engineering, and emerging agentic workflow concepts.
• Certifications such as CISA, CRISC, Security+, ITIL, PMP, Lean Six Sigma, or similar credentials are a plus.