What are the responsibilities and job description for the Governance Risk Compliance (GRC) Sr Analyst position at EQUANS North America?
Job Title: GRC Sr Analyst
Position
The GRC Sr Analyst's core responsibility is the continuous defense of Equans Americas' systems and networks against internal and external threats. This covers Governance, Risk, and Compliance functions, including business impact analysis (BIA), third-party risk management, risk assessments, business continuity/disaster recovery planning (BC/DR), disclosing security breaches, and training/educating the organization on information security policies and best practices.
Reports to
Americas Chief Information Security Officer (CISO) or Deputy CISO
Functions and responsibilities
· Leads technology governance, risk and compliance initiatives as a key member of Americas Cyber team.
· Ability to mentor junior team members and provide guidance and support in meeting their objectives.
· Continued improvement of Third-Party Risk Management (TPRM) program and processes.
· Engage with business partners to have meaningful discussions on threats, compensating controls, policies and risk.
· Coordinate with IT operations and business stakeholders to maintain and/or establish an effective disaster recovery and business continuity plan.
· Work with CISO, HR, and business stakeholders to educate and empower employees in protecting the Equans IT landscape.
· Develop, refine, and implement security policies, procedures, and standards to meet compliance responsibilities.
· Provides privacy guidance on security projects that hold personally identifiable information (PII).
· Ensures security compliance with legal and regulatory standards.
· Prepare reports for management on compliance status.
· Provide information assurance and subject matter expertise as required in support of panels, committees, and working groups.
· Perform threat analysis, security audits, and risk assessments.
· Help define, monitor, and report on cyber security practices, controls, and KPIs.
· Assist in review of and provide feedback on new or changing corporate security policies and processes.
· Carry out other duties assigned by management as required.
Education
· Bachelor's degree or higher in Computer Science, Information Systems, or equivalent experience.
Experience
· 6-10 years of experience in information security risk and compliance program management required.
· Leadership or management experience a strong advantage.
Technical skills
· Hands-on experience implementing security and risk frameworks (NIST and ISO 27001)
· Strong knowledge of data protection / privacy requirements
· One or more certifications in the field of cybersecurity preferred including: CISSP, CISM, CISA, CIPP/US, CRISC, CDPSE, CGEIT
· Strong understanding of applicable information security management, governance, compliance principles, practices, laws, rules, and regulations including NIST CSF, ISO 27001/27002, GDPR, CMMC, and CIS.
Executive/personal skills
· Demonstrate problem-solving, critical thinking, and logical structuring skills.
· Strong communication skills with the ability to engage with system and network administrators, systems users, and managers.
· Participate in the improvement and development of process and procedure documentation.
· Possess an information security and operations mindset.
· Expert understanding of information risk concepts and principles as a means of relating business needs to security controls.
· Good understanding of cyber security incident response processes and procedures.
· Keep current with emerging cybersecurity best practices, guidelines, mandates, standards, regulations, trends, alerts, and issues.
· Ability to meet the highest attendance requirements.
· Ability to handle multiple assignments on a timely basis with a high degree of accuracy.
· Ability to work independently to perform analysis and investigations.
Languages
· Strong proficiency in conversational and technical English.
· French and/or Spanish language skills a strong plus.
Working Environment
Work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is not exposed to weather conditions.
The noise level in the work environment is usually moderate.
Salary: $100,000 - $110,000