IT Governance, Risk and Compliance (GRC) Analyst (Security Team)- Remote

Job Overview

The ideal candidate for the IT Governance, Risk and Compliance (GRC) Analyst (Security Team) role will have a strong desire to be part of a growing information security team in a high-volume, dynamic environment.  The IT GRC Analyst is a key member of the GRC team within TE’s Security & Risk Management (SRM) function.  The SRM function is part of TEIS (TE Information Solutions) and has global enterprise-wide responsibility for information/cyber security, technology risk and controls, IT compliance and related areas across TE Connectivity.  

RESPONSIBILITIES

-    This person will focus on the execution and coordination of IT security governance, risk and compliance processes related to a broad range of global government and industry regulations and requirements.  
-    Lead IT control testing and gap analysis in support of TE’s  information security programs, including  Sarbanes Oxley (SOX),  the US Defense Federal Acquisition Regulation Supplement (DFARs) 7012 & Cybersecurity Model Maturity Certification (CMMC).  
-    Work with business and technical groups to assess IT risks, recommend enhanced governance and controls, perform self-assessments and recommend improvements in control design.
-    Create and maintain documentation regarding TE’s security and operational controls to support audits and certifications. 
-    Oversee and govern security controls that should meet TE global IT policy and regulatory requirements.
-    Perform and update IT risk assessments, maintain governance repositories and documentation and leverage security metrics to track progress.
-    Ensure data subject to regulations and advanced protection requirements are safeguarded during M&A & IT transformation activities.
-    Work with corporate and BU Legal teams to ensure alignment on cyber risk reporting requirements, customer contractual requirements and serve as a point person for segment and BU CIOs.
-    Identify gaps in the design and operating effectiveness of controls and identify improvements that reduce risk and/or align TE with industry recognized internal control frameworks. 
-    Complete security assurance questionnaires from internal and external stakeholders, including customers and cyber-insurers.

What your background should look like:

•    General knowledge of information security and controls and related technologies, including identity & access management; database, operating system, and network security; endpoint security; application security; data protection and leakage; vulnerability management; security logging and monitoring.
•    Familiarity with regulations relevant to IT security and compliance for a public, global manufacturing company (e.g. SOX, PCI, HIPAA, US and international privacy regulations; US and international cybersecurity regulations and export restrictions such as DFARS, ITAR and UKML) and/or Controls Frameworks (e.g., COSO, COBIT, NIST, ISF Standards of Good Practice, ISO 27001); and industry or regionally specific certifications (e.g., TISAX; UK CyberEssentials).
•    Experience with any of the following is a plus: manufacturing and OT/ICS systems; support of or experience with Risk Management Systems (e.g. Archer or others), IT audit; governance for IT outsourcing; risk management frameworks; and Kaizen/lean methodologies.
•    Ability to track and manage numerous parallel activities.
•    Ability to identify opportunities for continuous improvement and execute on them. 
•    Ability to work efficiently and independently with minimal supervision (i.e., self-motivated, and willing to stretch to meet important deadlines).
•    Ability to work successfully in a cross-functional team environment.
•    Bachelor’s degree (High School +4 years)  
•    Active security certification (CISSP, CISM, CRISC or CISA) or equivalent is a plus
•    Years of experience: 4 - 7 years or more

Competencies