Mohawk Industries - Calhoun, GA

posted 13 days ago

Full-time - Mid Level
Calhoun, GA
251-500 employees
Textile Product Mills

About the position

The Senior Information Security GRC Analyst at Mohawk Industries is a key contributor responsible for facilitating and supporting the Security function and projects to address a variety of IT issues. This role involves evaluating and implementing network architecture and cybersecurity services, with a strong emphasis on Governance and Risk Compliance (GRC) policy development and management. The ideal candidate will leverage innovative technology to enhance global GRC processes while ensuring compliance with industry standards and frameworks.

Responsibilities

  • Develop and manage security policies, standards, procedures, and processes aligned with frameworks such as CIS, ISO 27001/2, COBIT, ITIL, NIST, and PCI-DSS.
  • Create asset lists detailing software and firmware for cybersecurity assessments.
  • Provide documentation on network and system specifications to address cybersecurity vulnerabilities and implement necessary security controls.
  • Participate in cross-functional project teams to design, implement, and test cybersecurity standards and technologies during project execution phases.
  • Author technical documentation, including product configuration/implementation guides, test plans, and user administration guides.
  • Perform high-quality analysis and support the development of architecture, FAT/SAT procedures, and cybersecurity work for project execution.
  • Collaborate with Global Functional Owners to develop Global Cyber Security work processes and procedures.
  • Interpret cybersecurity program policies and support the development of procedures.
  • Monitor and report control gaps in IT and cybersecurity programs, supporting policy and procedure development.
  • Participate in enterprise architecture development by collaborating with the Enterprise Architecture COE.
  • Perform governance and oversight functions, evaluating document categorization and aligning controls to minimize redundancy.
  • Lead or participate in internal IT, Cybersecurity, and third-party GRC activities for various information systems and processes.
  • Supervise the monitoring, remediation, and reporting of control gaps in IT and Cybersecurity programs.
  • Advise on IT risk management issues, including risk and control gap assessments and documenting mitigation strategies.
  • Stay updated with industry best practices and regulatory/legal requirements relevant to IT and Cybersecurity risk management.
  • Facilitate communication and collaboration with technology leaders and key corporate risk groups to ensure GRC program awareness.

Requirements

  • Bachelor's degree in a related field preferred.
  • 4-6 years' relevant experience OR equivalent combination of education and experience.
  • Cybersecurity-relevant accreditations such as CRISC, CISSP, CISM, CISA, CCSP, ISA/IEC62443, SANS or other internationally recognized certifications are preferred.
  • Minimum 3 years' experience in Information Technology (IT), Operational Technology (OT), or related field with at least 2 years focused on designing, building, and managing cybersecurity for industrial control systems and networks.
  • Strong knowledge and understanding of control systems (SCADA/DCS/PLCs, etc.) and relevant protocols (Modbus TCP, Ethernet/IP, PROFINET, DNP3, IEC61850, etc.).
  • Working knowledge of Variable Frequency Drives (VFDs).
  • Working knowledge of key technologies including firewalls, IDS, anti-virus, vulnerability assessments, etc., in ICS/OT networks.
  • Working knowledge of cybersecurity frameworks and standards, including the Policy Life Cycle Management (PLCM) process.

Nice-to-haves

  • At least one of the following certifications from a nationally recognized organization is preferred: IMINS certification; GIAC Security Essentials Certification (GSEC) or equivalent; GIAC Systems and Network Auditor (GSNA); ISACA Certified Information Systems Auditor (CISA) or equivalent; Cisco Security Certification (CCNP); ISC2 Certified Information Systems Security Professional (CISSP).
  • Additional cybersecurity certifications such as CISM, ISO 27001, NIST800, CSET, etc., will be a plus.

Benefits

  • Competitive salary
  • Health insurance
  • 401k plan
  • Paid holidays
  • Professional development opportunities
  • Flexible scheduling
  • Employee discount programs