Job Posting:
Since 1953, Ferguson has been a source of quality supplies for a variety of industries. Together We Build Better infrastructure, better homes and better businesses. We exist to make our customers’ complex projects simple, successful, and sustainable. We proactively solve problems, adapt and grow to continuously serve our customers, communities and each other. Ferguson is proud to provide best-in-class products, service and capabilities across the following industries: Commercial/Mechanical, Facilities Supply, Fire and Fabrication, HVAC, Industrial, Residential Trade, Residential Building and Remodel, Waterworks and Residential Digital Commerce. Ferguson has approximately 36,000 associates across 1,700 locations. Ferguson is a community of proud associates who operate with the shared purpose of building something meaningful. You will build a career that you are proud of, at a company you can believe in.
The Lead GRC Risk Analyst provides organizational support for security awareness and training, identifying, reporting, and directing remediation activities for key risks within the IT organization, ensuring that controls and activities are aligned with overall organization risk strategy and appetite. Primary functions include leading the phishing program, security awareness, the identification and remediation of risks within a sophisticated multi-functional organization, supporting the ongoing development, review and publication of security directives (e.g. policies, standards and guidance), monitoring and evaluating metrics related to compliance against those security directives, and using broad enterprise knowledge and/or expertise of technology and core business processes.
This role is approved to be fully remote and can be based anywhere in the United States.
Duties and Responsibilities:
Participates in IT GRC team efforts to plan, design, implement and maintain IT Governance, Risk & Compliance initiatives and their supporting elements. These include, but are not limited to:
- Facilitate discussions related to risk identification and mitigation by analyzing and recommending operational and business workflow changes to management.
- Support the team in performing vendor risk assessments and contract reviews, and in completing 3rd party security questionnaires.
- Drive the identification, creation and/or collection of reporting metrics, risk appetite statement updates, and testing results as needed.
- Develop strong and important relationships across all levels of the Enterprise Risk Management, Internal Audit, and Technology organization.
- Participate in due-diligence activities related to mergers and acquisitions, providing communication and recommendations to senior management.
- Act as a SME to support the interpretation of policies and compliance requirements to development, infrastructure, and implementation teams.
- Perform duties as requested by Management, in addition to the essential job functions described above.
Qualifications and Requirements:
- A minimum of four (4) years’ experience in Information Security, Technology, and/or IT Risk.
- Associate degree with at least 5 years of experience in an IT-related role; or
- Bachelor's degree (or equivalent experience) with 3 years of experience in an IT-related role; or
- Master's degree or equivalent experience in Information Security or Information Technology.
- Certifications such as CISSP, CISM, CISA and CRISC are preferred.
- Ability to work with various areas of the business, specifically legal and corporate communications.
- Advanced knowledge of concepts related to IT Governance, Risk Management, and Compliance.
- Substantial ability to create, organize, and analyze complex logical processes.
- Experience with ISO 27001/2.
- Experience with NIST 800-171/DFARS.
- Experience with third party vendor risk management tools such as BitSight, OneTrust, or Security Scorecard.
- Experience with phishing simulation tools such as KnowBe4, GoPhish, or PhishMe.
- Experience around creating and updating corporate policies, providing expert reviews around legal, regulatory and contractual requirements.
- Knowledge of technical platforms, networks, security concepts, and data retrieval techniques.
- Self-motivated, with the ability to initiate new work without immediate supervision.
- Knowledge of auditing techniques and/or IT control environments a plus.
- Ability to effectively troubleshoot and solve complex and indistinct problems.
- Expertise in communicating with diverse audiences in a concise and professional written format.
- Ability to speak publicly, including to large groups, with all levels of management.
At Ferguson, we care for each other. We value our well-being just as much as our hard work. We are committed to a holistic approach towards benefits plans and programs that support the mental, physical and financial well-being of our associates. Our competitive offering not only includes benefits like health, dental, vision, paid time off, life insurance and a 401(k) with a company match, but our associates also enjoy additional meaningful and inclusive enhancements that are adaptable to their diverse situations and needs, including mental health coverage, gender affirming and family building benefits, paid parental leave, associate discounts, community involvement opportunities and more!
Pay Range:
Actual pay rate may vary depending upon location. The estimated pay range for this position is below. The specific rate will depend on a candidate’s qualifications and prior experience.
$8,470.59 - $14,834.37
Estimated Ranges displayed are Monthly for Salaried roles OR Hourly for all other roles.
This role is Bonus or Incentive Plan eligible.
Ferguson complies with all wage regulations. The starting wage may be higher in certain locations based on local or state wage requirements.
The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans and the requirements of 41 CFR 60-741.5(A), which prohibits discrimination against qualified individuals on the basis of disability.
Ferguson Enterprises, LLC. is an equal employment employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.