Job Description:

- Participates in IT GRC team efforts to plan, design, implement and maintain IT Governance, Risk & Compliance initiatives and their supporting elements.
  - Scoping of relevant business entities, systems, & processes
  - Identification of and coordination with Risk & Control Owners on all relevant requirements
  - Consultation and assistance to Risk & Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) as appropriate.
  - Development of appropriate technical job aids and automation (e.g. scripts, queries, dashboards, etc.) in support of control performance, monitoring and assessment.
  - Alignment and coordination with Financial Controls, Internal Audit teams as appropriate
  - Coordination with and support of External Audit partners in the planning, execution of, and reporting on annual external testing of Internal (IT General) Controls over Financial Reporting.
  - Coordination, tracking and reporting of remediation plans and progress for all identified IT Control deficiencies
- Enables the performance of specific IT control activities in support of business objectives.
  - Collection and distribution of appropriate and relevant data in a timely fashion for the performance of access reviews and other identified control activities
  - Identification and communication of deficiencies and other items of concern to appropriate parties during the performance of control activities for timely correction and/or remediation as needed
  - Maintenance and archiving of all relevant data and supporting documentation as evidence of the performance of control activities
- Perform duties as requested by Management, in addition to the essential job functions described above.

We have an exciting opportunity for an IT GRC Analyst to join the Ferguson IT Security team.
The IT GRC Analyst will assist with and participate in the planning, design, implementation, operation, and maintenance of IT Governance, Risk & Compliance (GRC) efforts intended to support Business and IT Risk Management and Assurance goals and objectives. Primary functions include: the collection of appropriate and relevant data for the monitoring and analysis of specific IT control activities, liaising with and providing consultative support to IT control owners and performers, generation of reports for analysis, assessment and presentation to IT and business management, recommendations on and tracking of control remediation, and coordination of efforts with internal and external auditors. This position works directly with IT, HQ, Management, Group staff and Operating Companies, Small Businesses and Subsidiaries, and with external business partners to achieve the necessary business goals.
**This role is approved to site 100% remote. If local to the Newport News, VA area, you will have the option for in-office work, once permitted.**
DUTIES AND RESPONSIBILITIES: Analyze and recommend operational and business workflow changes to management in order to strengthen the control environment/security posture.
QUALIFICATIONS AND REQUIREMENTS:

- A minimum of four (4) years' experience in Information Security and/or Technology
- Bachelor's or Associate Degree in Information Security, Information Technology or Information Technology Management.
- Prefer candidate with critical technical and leadership-oriented IT security certifications, such as CISSP, CISM, or equivalent.
- Proven experience in planning, organizing, and developing IT security teams and strategy, whether staff or third parties
- Substantial exposure to data processing, hardware platforms, enterprise software applications and outsourced systems, with preference in Microsoft Technologies.
- Expertise in leverage of cloud-based solutions necessary to enable the distributed enterprise.
- Good understanding of computer systems characteristics, features and integration capabilities
- Proven leadership ability; ability to instill confidence in the business and demonstrate the business value of IT
- Exceptional leadership skills with the ability to develop and communicate an enterprise security vision that inspires and motivates staff and aligns to the IT and business strategy
- Effective influencing and negotiation skills in an environment where resources may not be in direct control of this role
- Excellent analytical, strategic conceptual thinking, strategic planning and execution skills
- Strong business acumen, including industry, domain-specific knowledge of the enterprise and its business units
- Expertise in budget planning and financial management
- Success in leveraging both traditional best practices, such as IT service management practices based on ITIL, as well as emerging methods like DEV/SEC/OPS that are optimized for agility
- Demonstrated ability to develop and execute a strategic people plan that ensures that the right people are in the right roles at the right time and that employees are highly engaged and satisfied
- Strong vendor management and partner relationship skills
- Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to the security workforce
- Ability to motivate as a servant leader in a team-oriented, collaborative environment

The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans and the requirements of 41 CFR 60-741.5(A), which prohibits discrimination against qualified individuals on the basis of disability.