
Information Security Governance, Risk and Compliance Analyst

FM

Overview:

FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.


Responsibilities:

Reporting to the Manager Information Security Oversight & Assurance, the Information Security & Risk GRC Senior Specialist will play a key role on the Oversight & Assurance team by driving implementation of an enhanced Governance, Risk, and Compliance (GRC) platform. Working with key stakeholders across the organization, this individual will work to understand existing processes, define business and technical requirements, evaluate potential solutions, and work with a core team to test and implement the GRC platform. Once the GRC platform has been implemented, this individual will be responsible for ongoing governance, oversight, and maintenance of the solution. 

The primary focus of this position will be to mature FM Global’s Oversight & Assurance program through process improvement, policy, automation, and the continuous evolution of capabilities. This individual will develop, integrate, and administer complex GRC workflows. They will also be responsible for developing reporting metrics and dashboards that will improve management’s visibility of identified risks within their area of responsibility.

Responsibilities:
  • Implementation and ongoing support of new GRC tool. Includes onboarding of various security risk and control processes to ensure alignment with regulatory requirements and industry best practices; recommends opportunities for improvement as necessary. 
  • Serve as key point of contact, partnering with stakeholders across the organization to review and enhance business practices in alignment with GRC.
  • Develop training materials and educate key stakeholders on GRC and use of the new tool.
  • Develop security risk and control metrics and reporting on a monthly, quarterly, and ad hoc basis.

Qualifications:

Minimum of 5 years of experience in IT Audit, security risk management, IT controls testing, or related security disciplines, including a minimum of 3 years of experience with GRC.

Experience with MAR, Sarbanes-Oxley Act, and PCAOB auditing standards is preferred.

Skills 
  • Able to operate with a high degree of independence with regard to project management activities, including development of project plans and resource estimates. 
  • Excellent communication and presentation skills. Demonstrated ability to work collaboratively with technical experts, business managers, and senior leadership. Ability to understand security risk, compliance, and technical issues and translate them into meaningful business and risk guidance and recommendations.
  • Proven ability to multi-task and establish priorities. Ability to work under tight deadlines and respond to changing business and technical environments. 
  • Cyber / information security / risk professional with the ability to think in terms of the risk rather than compliance, and risk improvement objectives rather than strict security requirements. 
  • Strong relationship building, influencing, and consultation skills; demonstrated ability to establish and maintain positive work relationships with peers, management, and key stakeholders.

Education
  • 4-year college degree/bachelor's in Information Technology Audit, Risk, Computer Science, or closely related discipline, or equivalent work experience.

We offer our employees a wide range of benefits including career-long learning opportunities, tuition reimbursement, 401(k), pension, flexible schedules, rich health and well-being programs, generous time off allowances, volunteer days and so much more!

FM Global is an Equal Opportunity Employer and is committed to attracting, developing and retaining a diverse workforce.

Please note that all FM Global visitors, including external candidates interviewing for open positions, will be required to be vaccinated and should be prepared to provide proof of vaccination.
