Sr. GRC Analyst

Your Job

The Sr. Cyber Security GRC Analyst will be responsible to help operationalize and mature a comprehensive enterprise Governance, Risk & Compliance capability.

This role will coordinate security activities with GP operating units and third-party infrastructure providers in a complex multi-business, multi-platform IT environment.

• The candidate will be a working team member focused on security frameworks; cyber security program, policies, and standards;
• defining and refining security metrics and dashboards; managing the cyber security risk register processes and risk profile;

audit & assurance activities; security awareness; and vendor risk assessment processes.

The ideal candidate will be highly skilled in 2 or more of the Governance, Risk, and Compliance areas, and have a strong passion to work in a collaborative team environment.

Candidate will be a self-motivated, innovative, strategic thinker with experience in implementing, operationalizing, and maturing cyber security capabilities.

Our Team

The Georgia-Pacific GRC team is a dynamic group dedicated to managing the security and compliance of our organization. Our key objectives include performing risk analysis and tracking risk, operationalizing cyber security standards, and building a cyber awareness capability.

We work collaboratively to achieve our goals and are constantly striving to improve our processes and procedures. As a member of our team, you will have the opportunity to contribute to these important initiatives and help shape the future of our company's security posture.

Join us in our mission to protect and secure our organization.

What You Will Do

• Map the GP cyber security program to multiple standard industry security frameworks, regulations, and best practices (ISO / NIST, C2M2)
• Collaborate to develop cyber dashboards and meaningful security metrics to monitor cyber posture and communicate risks to Senior Leadership
• Maintain, operationalize, and mature security policies, standards, and procedures
• Develop and mature the ongoing security audit program to monitor and verify the effectiveness of security; analyze data, develop trend analysis and ensure compliance to existing standards, policies, and procedures
• Monitor regulatory compliance as required (CFATS, MTSA, GDPR, PCI)
• Participate in third party risk assessment process and respond to external customer security inquiries
• Maintain detailed incident response procedures that ensure integration with Legal, GP IT, and Koch shared services organizations
• Work with GP cyber customers to identify business needs and tailor risk assessments to business risk profiles
• Help to mature GP cyber awareness, tabletop simulation, and security review capabilities

Who You Are (Basic Qualifications)

• Experience developing, implementing, operating and supporting cyber security programs, frameworks and toolsets
• Experience communicating complex IT / Cyber Security concepts to non-technical people
• Experience in roles of influencing without authority
• Experience in roles with focus on customer engagement
• Experience in operationalizing cyber security concepts and capabilities.

What Will Put You Ahead

• Bachelor’s degree in Security or Computer Science
• Experience working as a program manager with a focus on cyber security or GRC
• Experience working in a federated computing environment
• Industry security certifications, such as Certified Information Systems Security Professional (CISSP) or Systems Security Certified Practitioner (SSCP) or Global Information Assurance Certification (GIAC).
• Experience with ZenGRC GRC tools

Our Benefits

Our goal is for each employee, and their families, to live fulfilling and healthy lives. We provide essential resources and support to build and maintain physical, financial, and emotional strength - focusing on overall wellbeing so you can focus on what matters most.

Our benefits plan includes - medical, dental, vision, flexible spending and health savings accounts, life insurance, ADD, disability, retirement, paid vacation / time off, educational assistance, and may also include infertility assistance, paid parental leave and adoption assistance.

Specific eligibility criteria is set by the applicable Summary Plan Description, policy or guideline and benefits may vary by geographic region.

If you have questions on what benefits apply to you, please speak to your recruiter.

Additionally, everyone has individual work and personal needs. We seek to enable the best work environment that helps you and the business work together to produce superior results.