Hexagon AB

Senior Information Security GRC Analyst

Hexagon AB, Madison, Alabama, United States, 35756


As the Governance, Risk, and Compliance analyst, you will play a pivotal role in ensuring the information security policies and procedures are implemented and adhere to regulatory requirements, implementing effective risk management strategies, and establishing governance frameworks. This position requires a deep understanding of industry regulations and best practices, excellent communication skills, and the ability to develop and implement robust compliance programs.

Regulatory Compliance

Keep up to date with relevant industry regulations and ensure the organization adheres to applicable laws and standards
Develop and implement compliance programs to mitigate risks associated with regulatory non-compliance

Risk Management

Identify, assess, and prioritize risks associated with business operations and IT services
Develop and implement risk management strategies to minimize the impact of identified risks

Governance Framework

Establish and maintain effective governance frameworks to ensure accountability and transparency
Collaborate with leadership to define and communicate governance policies and procedures

Audit and Assessment

Plan and conduct internal audits to evaluate the effectiveness of governance, compliance, and risk management processes
Work with external auditors and regulators to facilitate external assessments

Policy Development

Develop and update governance, compliance, and risk management policies to reflect industry best practices and regulatory changes
Ensure policies are communicated effectively and understood across the organization

In-depth knowledge of IT governance, risk management and compliance principles
Strong understanding of relevant industry regulations and standards
Excellent analytical and problem-solving skills
Effective communication and interpersonal abilities
Ability to develop and maintain strong relationships with internal and external stakeholders

Education and Experience

Bachelor's or Master's degree in Business, IT, Risk Management, or a related field. Education can be substituted for experience.
3+ years of experience in a similar role, with a focus on governance, risk management, and compliance within the IT or MSP industry.
Relevant certifications such as CISA, CRISC, CISM, CISSP, or similar.