Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!
Job Description
Governance, Risk and Compliance (GRC)Analyst
Position Description
Rockwell Automation is seeking a GRC analyst who will be responsible for implementing information management systems (ISMS)across a diverse range of products and business operations and jurisdictions. The candidate will participate in efforts to establish and test cybersecurity controls, generate and manage ISMS documentations such as policies, procedures and metrics, and coordinate certification audits. They will also work on risk assessment, analysis and evaluations and communicate broadly with multiple internal and external auditors. Ultimately, they work with external auditors to deliver compliance certifications and attestations.
Key Responsibilities:
Implement information security management systems such as ISO 27001, SOC 2, NIST CSF ETC.
Evaluate the information security management system to determine its fit for the organization- providing recommendations and actions to remediate deficiencies.
Co-ordinate internal and external audits against processes and systems, benchmarking them against multiple standards such as ISO 27001, SOC 2, SOX, TiSAX etc. and internal policies.
Develop and document processes that reduce potential for introduction of security risks, provide opportunities to automate, and provide continuous improvement measures.
Respond to qualifying compliance incidents and invoke appropriate resources to deal with the incidents.
Support external audits and evaluations by external assessors.
Conduct risk assessments and vulnerability assessments and provide effective recommendations.
Help maintain and improve the ISMS through periodic sustaining activities
Basic Qualifications
Degree or Equivalent Relevant Experience in Cybersecurity Governance Risk and Compliance
Preferred Qualifications:
3-5 years of experience in control and assurance related role
Good understanding of Software-as-a-Service (SaaS) business model and operations
CISA, CISSP, ISO 27001 Lead Auditor or Implementer certification is a plus
Understanding of different security frameworks and standards such as NIST 800 series, SOC 2, ISO 27001, and TiSAX.
Great ability to explain technical concepts to business users
Experience from consulting firms
CISSP, CISA, CISM
Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.
