Transporeon
Transport, logistics; more than 1000 employees - Remote work
- Full-time. Work experience: 1 year or more. Higher education.
- English: advanced
- Digitals
- Responsibility
- Internal audit
- Flexibility
- Risk management
- Audit
- Risk assessment
- Knowledge of ISO standards
- Management of social networks
Job description
Job Title: Cybersecurity GRC — Compliance Analyst
Our Division: Trimble Cybersecurity
About the Role:
In order to improve integrity between physical and digital worlds, Governance, Risk and Compliance (GRC) facilitates the integrated collection of capabilities necessary to support connected performance. GRC doesn't burden the business; it supports and improves it by adding value through establishing efficiencies, centralizing policy and creating metrics to reduce risk to maintain Trimble brand equity. GRC resides within the corporate Trimble Cybersecurity team.
To be considered for this position, you must be familiar with security frameworks and security control auditing (e.g., ISO 27001, ISO 27701, ISO 42001, SOC 2, NIST*, CSF), risk assessments and scoring, conducting gap analysis, internal audits, and external audit coordination. Flexibility to work 6 months project based and 6 months audit. Proficiency in English is essential.
We are looking for a self-motivated, mildly technical but versatile individual contributor to fill a Cybersecurity Compliance Analyst role by joining a diverse and collaborative international cybersecurity team at a large, dynamic, publicly traded company. You will be responsible for helping to ensure Trimble's product portfolio maintains compliance with an array of frameworks (ISO 27001, ISO 27701, SOC 1 & 2, NIST*).
What You Will Do
- Perform ISO 27001, ISO 27701, SOC 2 & NIST 800-171 gap analysis and make process, procedural, documentation and tooling recommendations to remediate.
- Improve Compliance and certification scope efficiency via review and enhancements of the Trimble Common Control Framework
- Perform ISO 27001 & ISO 27701 Internal Audits.
- Perform SOC 2, NIST 800-171 Internal & External Audits
- Contribute to annual policy revisions and maintenance of the IMS.
- Constantly coordinate with key business stakeholders and the external auditor
- Present metrics derived from the Integrated Management System, audit results, trends in risk, and corrective action plans to senior leadership.
- Contribute to the creation of processes and procedures that increase efficiency of the overall compliance program across all standards and frameworks.
- Collaborate with Cybersecurity team members and Trimble businesses across various geographies.
- Contribute to risk management processes to ensure business risk posture is properly calculated and proactively managed.
- Produce and analyze information that will accurately demonstrate the risk posture of each business and drive actions to reduce and manage technical risks.
- Be able to understand and communicate technical risks to a broad set of stakeholders. Must be able to adjust delivery to the audience.
What Skills & Experience You Should Have
- Preferably a relevant degree in Data Science, Computer Science or Engineering (Software or Electrical)
- Current general security certifications (e.g., SEC+, GSEC) encouraged but not required
- ISO 27001 Certified Internal / Lead Auditor and/or equivalent experience.
- 2 years' experience working with ISO 27001, ISO 27701, SOC 2 and/or NIST 800-171
- Proficiency in English (written and oral)
- 2 years' experience in a risk management role, information security role or systems engineer/administrator role in a large, international software company
How to Apply: Please submit an online application for this position by clicking on the 'Apply Now' button located in this posting.