Hexagon Asset Lifecycle Intelligence · 2 days ago
Senior Information Security Governance, Risk, and Compliance Analyst
Responsibilities
Support the development, implementation, and maintenance of the information security risk and controls program.
Support the implementation and testing of a comprehensive information security controls framework while developing innovative risk mitigation strategies with cross-functional teams.
Govern and report on findings, tracking status, and ensuring corrective actions are complete and sustainable.
Communicate with technical and non-technical stakeholders and leaders on information security risk and controls management topics and program-specific reporting.
Stay up to date on current cybersecurity threats, vulnerabilities, trends, and best practices to proactively evolve the information security risk and controls program.
Support information security risk identification & assessment, response & mitigation, control monitoring & reporting.
Gather and evaluate information, including supporting auditors, investigations, and customer requests.
Develop and perform tests to evaluate the design and effectiveness of key controls as is necessary for compliance.
Review test findings, identify control weaknesses, present results, and recommend actions to remediate issues.
Assist in the completion of customer questionnaires.
Assist with root cause analysis on incidents to determine underlying causes.
Participate in the company’s business continuity plan and cyber security table-top exercises.
Qualification
Required
Bachelor's Degree in computer science, computer engineering, management information systems, information technology or a similar field. An equivalent combination of education, certifications and experience may substitute for a degree
Minimum 8 years in an Information Security GRC function with expertise and accomplishments directly relevant to the position
Knowledge and experience of information security standards and compliance requirements such as ISO 27001, CIS Controls, NIST 800-171, CMMC, TISAX, GDPR, etc.
IT/Information security technology and controls experience (e.g., cyber security, network, infrastructure, applications, cloud services, projects, etc.)
Internal control implementation, including the evaluation of the design and operating effectiveness of controls
Advanced knowledge of testing techniques and data analysis principles, as well as the ability to interpret results
Advanced-level communication, presentation, and relationship management skills with technical and non-technical audiences
Ability to travel internationally
English (fluent written and verbal)
Citizenship Requirement: Due to the nature of this position and its involvement with government-related contractual obligations, applicants must be U.S. citizens.
Preferred
One or more relevant certifications (e.g., CRISC, CISSP, CISM, CISA, CCSP, ISO 27001 Lead Auditor)
Drive multiple projects, achieve key milestones, with ability to reprioritize work in a fast-paced environment
Sustain effective engagement and take ownership, demonstrate a sense of urgency, and ensure accuracy and quality
Proficiency with GRC systems
Company
Hexagon Asset Lifecycle Intelligence
Hexagon’s Asset Lifecycle Intelligence division helps clients design, construct, and operate more profitable, safe, and sustainable industrial facilities.