Title: Information Security GRC Analyst
Preferred Locations: Westminster CO, USA / Remote
Department: Trimble Cloud xOps
Are you an organized self-starter who is experienced working within Governance, Risk, Compliance, and Audit? Do you like to work with multiple simultaneous projects that scale in scope? Do you shine in high visibility roles, working across multiple levels and lines of business? If so, Trimble is recruiting an Information Security GRC Analyst in Westminster CO, USA / Remote.
As the Information Security GRC Analyst, you will join the existing Cloud Governance: Compliance team contributing to the continual effort of Governance, Risk, Compliance, and Audit across multiple Trimble Divisions, tasked with conducting Onboarding, Gap Analysis, Internal Audits, Audit Management, and Risk Assessments.
About Trimble Cloud xOps
Trimble Cloud xOps is a shared services organization for Trimble divisions delivering technology services to Construction, Agriculture, Buildings, Transportation, and Natural Resources markets using public cloud. We offer public cloud access and billing, common infrastructure and security services, consulting and application operations, and a suite of DevOps tools hosted for the enterprise. As public cloud usage at Trimble is growing, Trimble Cloud xOps is looking to expand the team and breadth of our service offerings.
Information Security GRC Analyst Responsibilities
Perform NIST 800-171 Control Gap Analysis and recommend process, procedural and documentation improvements in order to achieve successful attestation.
Perform SOC 2 Type I and II assessments of processes, documentation, and policy in preparation for External Audit.
Perform ISO/IEC 27001 Internal Audits of processes, policy, and systems in line with ISMS Compliance.
Support internal and external ISO audit teams through audit management in periodic audits of the ISMS.
Track and implement corrective action plans / remediation resulting from audit findings.
Perform readiness assessments and gap analysis of new Trimble Divisions interested in onboarding to ISO 27001, SOC 2 and NIST 800-171.
Guide Trimble Divisions through and suggest remediation of control gaps.
Policy management: annual review and maintenance of the ISMS.
Contribute to periodic update of existing ISMS documentation and work with staff to expand the ISMS scope to new sites.
Present ISMS metrics, audit results, trends in risk, and corrective action plans to senior management.
Contribute to the creation of processes and procedures that increase efficiency of the overall compliance program across all standards and frameworks.
Keep up to date with Information Security and GRC related materials; share and communicate changes to standards with the compliance team and other key stakeholders.
Willingness to travel (5-10%, continental, once COVID restrictions are lifted).
Required Skills & Experience
5+ years of working experience in Information Technology, Security Analysis, Governance, Risk and Compliance, inclusive of audit and attestation.
Proven NIST 800-171 & SOC 2 experience, from onboarding through Gap Analysis, suggested remediation of gaps and supporting final attestation.
Experience in designing security controls that span multiple standards and frameworks.
Ability to produce efficiency through security control consolidation and mapping across various standards and frameworks.
Excellent analytical, problem-solving and decision-making skills.
Ability to work with cross-functional teams across organizational and cultural boundaries to achieve policy and process compliance.
Ability to work independently and manage a fluid workload.
Experience in managing multiple customers or projects with competing priorities.
Understanding of technical and organizational security vulnerabilities, threats, and risks.
Excellent organizational and presentation skills.
Willingness to learn and adapt as the situation arises.
Desired Skills & Experience
Bachelor's or Master's degree in an IT field.
ISO/IEC 27001 Certified Internal / Lead Auditor and/or equivalent experience.
'Big 4' Experience in ITGC, SOC2, ISO 27001 Audits.
NIST 800-53
FedRAMP
CISA/CISSP/CISM/CRISC or other security certifications.
Proven experience with AWS and/or Azure Cloud Infrastructure.
Experience with any SIEM tools such as Splunk is desirable.
Experience with any dashboarding applications such as Domo or Power BI.
Work history in such areas as Networking, IT Security and Software development.
Key Benefits of the Role
High visibility by virtue of regular interactions with senior stakeholders.
Part of a dynamic and growing team across multiple Trimble locations.
Flexible Working Arrangements as per Trimble's Flexible Work Arrangement Program.
Pay Equity
Trimble provides the following compensation range and general description of other compensation and benefits that it in good faith believes it might pay and/or offer for this position. This compensation range is based on a full time schedule. Trimble reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation, depending on circumstances not related to an applicant's sex or other status protected by local, state, or federal law.
Hiring Range: 79924 - 106000
Bonus Eligible? Yes
Trimble offers comprehensive core benefits that include Medical, Dental, Vision, Life, Disability, Time off plans and retirement plans. Most of our businesses also offer tax savings plans for health, dependent care and commuter expenses as well as Paid Parental Leave and Employee Stock Purchase Plan.