Governance, Risk, and Compliance Analyst
Location
Columbia, MD | United States
Job description
Requisition ID: 22359
Built on talent, technology, and trust, Grace is a leading global supplier of catalysts and engineered materials. The company’s two industry-leading business segments—Catalysts Technologies and Materials Technologies—provide innovative products, technologies, and services that enhance the products and processes of our customers around the world. Grace employs approximately 4,300 people in over 30 countries.
Job Description
We are hiring a Governance, Risk, and Compliance (GRC) Analyst to join our team in Columbia, MD. The role will report to the Deputy Chief Information Security Officer. This position is located at our corporate headquarters in Columbia, MD, with a hybrid schedule: Mondays, Wednesdays, and Thursdays on campus, and Tuesdays and Fridays remote.
The Governance, Risk, and Compliance (GRC) Analyst is accountable for assessing program alignment with the established cybersecurity standards and guidelines, as well as executing the cybersecurity risk management program at Grace. This position will collaborate closely with various stakeholders to create and support security communication, awareness, and training throughout the organization. Experience with security and compliance testing is preferred.
Responsibilities
- Develop, maintain, and support security communication, awareness, and training for audiences throughout the organization.
- Assist with the implementation of a risk management program and framework for Grace.
- Support process improvement through the development of policy, guidance, and process documents in alignment with the overarching cybersecurity framework and standards.
- Further refine control and audit mechanisms to monitor and maintain compliance with framework and standards.
- Perform due diligence with third-party vendors to ensure compliance with organization requirements.
- Assist cybersecurity personnel, resource owners, and IT staff in understanding and responding to security assessment gaps reported by the team.
- Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contract language aligned with the cybersecurity protection addendum.
- Work with various stakeholders to identify information asset owners to classify data and systems.
- Inform, advise, and issue recommendations regarding regulatory compliance with respect to data protection laws.
- Provide cybersecurity consultancy to the IT security project managers and wider teams on security requirements and solutions.
- Prepare executive-level reports and metrics.
- Perform other related duties as required by your manager.
Required Qualifications
- Bachelor’s degree in Information Technology or equivalent work experience
- 4 years in a control assessment, third-party risk, and/or cybersecurity role or supporting role
- Excellent verbal, written, and interpersonal communication skills
Preferred Qualifications
- Any industry-recognized information security accreditation, including CISSP, CISM, or CRISC, is desirable.
- Knowledge of security and compliance testing IT infrastructure, and exposure to any IT GRC tool such as ServiceNow, will be a plus.
Benefits
- Medical, Dental, Vision Insurance
- Life Insurance and Disability
- Grace Wellness Program
- Flexible Workplace
- Retirement Plans
- 401(k) Company Match – Dollar to dollar up to the first 6%
- Paid Vacation and Holidays
- Parental Leave (salaried only)
- Tuition Reimbursement
Grace is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Grace via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Grace. No fee will be paid in the event the candidate is hired by Grace as a result of the referral or through other means.