Security Analyst - Governance, Risk and Compliance (GRC)

Description

About Us :

EMCOR Group, Inc. (NYSE : EME) is a Fortune 500 company and a leader in mechanical and electrical construction, industrial and energy infrastructure, and building services.

A provider of critical infrastructure systems. EMCOR gives life to new structures and sustains life in existing ones by it planning, installing, operating, maintaining, and protecting the sophisticated and dynamic systems that create facility environments. This includes electrical, mechanical, lighting, air conditioning, heating, security, fire protection, and power generation systems in virtually every sector of the economy and for a diverse range of businesses, organizations and government. EMCOR represents a rare combination of broad reach with local execution, combining the strength of an industry leader with the knowledge and care of 170 locations.

Job Title : Security Analyst – Governance, Risk and Compliance (GRC)

Job Summary : This position is responsible for supporting the maintenance of EMCOR’s Security Program and protecting EMCOR’s information assets and technologies. This includes ensuring the implementation and maintenance of EMCOR’s Governance, Risk, and Compliance (GRC) Program.

Essential Duties and Responsibilities :

Conduct internal and external information security risk assessments.

Assist in day-to-day evaluations with compliance of EMCOR’s Security & Compliance policy, procedures, and standards.

Maintain Information Security and IT compliance policies, systems, and processes.

Assist in the implementation and maintenance of EMCOR’s Internal & External GRC solutions.

Maintain compliance framework alignment reviews.

Track, manage and follow-up on detected information security risk.

Collaborate with EMCOR senior Security & Compliance personnel to determine appropriate risk treatment plans.

Assist in the development of creation and distribution of GRC reports.

Assist with monthly, quarterly, and annual corporate led internal or regulatory security audits.

Work with leadership to continually improve the security program.

Perform periodic reviews of operating company security processes.

Special projects as assigned.

Qualifications :

Minimum of 3 years working in Governance, Risk, and Compliance.

Minimum of 2 years working with vendor risk management tools.

Experience in performing internal and vendor risk assessments, risk treatment, risk tracking, risk reporting, policy life-cycle management, compliance assessments, and compliance tracking.

Experience comprehending, reviewing, and aligning industry best security controls and frameworks i.e., NIST CSF, NIST 800-53, NIST 800-171 to organizational policies, standards, and procedures.

In-depth knowledge and understanding of regulatory compliance concerns and industry-standard security and risk frameworks.

CISA, CRISC, CISSP, GSEC certification or higher education is preferable.

Ability to effectively communicate and interact with personnel at all levels.

Good project management and effective time management skills.

Must be capable of delivering a very high level of customer service.

Accountability and Measurement

Support and maintain EMCOR's Security Program.

Notice to prospective employees : There have been fraudulent postings and emails regarding job openings. EMCOR Group and its companies list open positions here () . Please check our available positions to confirm that a post or email is genuine.

EMCOR Group and its companies do not reach out to individuals to help with marketing or other similar services. If an individual is contacted for services outside of EMCOR’s normal application process – it is probably fraudulent.

As a leading provider of mechanical and electrical construction, facilities services, and energy infrastructure, we offer employees a competitive salary and benefits package and we are always looking for individuals with the talent and skills required to contribute to our continued growth and success. Equal Opportunity Employer / Veterans / Disabled

emcor

LI-MJ1

Qualifications

Education

Required

• High School or better

Experience

Required

3 years : Minimum of 3 years working in Governance, Risk, and Compliance.

2 years : Minimum of 2 years working with vendor risk management tools.

Preferred

Experience in performing internal and vendor risk assessments, risk treatment, risk tracking, risk reporting, policy life-cycle management, compliance assessments, and compliance tracking.

Experience comprehending, reviewing, and aligning industry best security controls and frameworks i.e., NIST CSF, NIST 800-53, NIST 800-171 to organizational policies, standards, and procedures.

In-depth knowledge and understanding of regulatory compliance concerns and industry-standard security and risk frameworks.

CISA, CRISC, CISSP, GSEC certification or higher education is preferable.