Enpro is currently seeking a Governance, Risk, & Compliance (GRC) Security Analyst to join our Information Security team headquartered in Charlotte, NC. The GRC Security Analyst will be responsible for advising and informing the overall IT Governance, Risk and Compliance strategy by supporting regulatory compliance programs, managing framework control adherence, leading and tracking security awareness initiatives, and tracking key security metrics and KPIs. The candidate will also work closely with Enpro's Compliance, Legal, and Internal Audit teams to ensure alignment on business priorities and that enterprise risks are effectively managed. This role requires a balanced understanding of cybersecurity, privacy, compliance, and industry framework best practices, as well as the ability to understand new technologies and changing requirements. The GRC Security Analyst is also responsible for the maintenance of organizational policies.
The ideal candidate is technical and possesses at least five years of experience in security, compliance, or risk management. The role oversees the business's security requirements and obligations mandated by standards and frameworks such as ISO27001/27002, NIST 800-53, etc. In tandem with security leadership, the GRC Security Analyst consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the GRC Security Analyst monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the GRC Security Analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.
MINIMUM QUALIFICATIONS/EDUCATION/WORK EXPERIENCE:
- Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
- Maintain oversight in a GRC-related platform.
- Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
- Document, formulate, and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
- Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities.
- Escalate to security management and business unit leads when points of weakness are discovered.
- Analyze findings, and document, recommend, and report program gaps to security leadership.
- Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
- Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
- Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.
- Attend and fully engage in change and project management meetings.
- Liaise with auditors, both internal and external, to maintain and implement controls for compliance, privacy laws, and enterprise risk management.
- Perform other duties as assigned.
PREFERRED QUALIFICATIONS/EDUCATION/WORK EXPERIENCE:
- Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
- 5+ years of related experience required.
- Prior experience with leading GRC systems from vendors such as RSA, MetricStream and IBM.
- Prior experience working with frameworks such as ISO27001/27002 and NIST.
- Preferred experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.
- Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
- Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats.
- Successful track record of managing external entities' contracts and relationships, and mitigating risks to business development opportunities.
- Familiarity with state, federal and international privacy laws.
- Highly trustworthy; leads by example.
- Holds or is working toward one or more of the following: CISSP, CRISC, CGEIT or GRCP.
Enpro is a leading industrial technology company using material science to push boundaries in semiconductor, life sciences, and other technology-enabled sectors. We are a leader in sealing technologies, advanced surface technologies, and highly engineered materials. Our products and services are sold into more than 40 distinct end-markets that touch our lives every day - from food and pharmaceutical facilities to semiconductor clean rooms, from agricultural robots that help grow your food to last-mile technologies that deliver it to your doorstep, from commercial aviation to space exploration, and much more in between. Our commitment to innovation, quality, and value has propelled our brands to wide recognition and leading positions in their markets.
Enpro is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
This job has expired.