Cybersecurity - Governance, Risk & Compliance Specialist

Job Title : Governance, Risk & Compliance Specialist

Location : US (Fully Remote)

Are you a Cybersecurity Specialist passionate about Governance, Risk and Compliance? Join Trimble and take your career to the next level.

What You Will Do

A s our Cybersecurity GRC Specialist you'll drive security excellence by orchestrating diverse security operations in alignment with Trimble's high standards. Dive into a dynamic role ensuring compliance with internal controls, regulations, and infosec protocols. Collaborate within the Governance, Risk & Compliance (GRC) team, reporting to the Sr. Director of GRC in the Corporate Cybersecurity realm. Unlock opportunities by showcasing your grasp of GRC functions, encompassing threat modeling, penetration testing, development practices, and tech stacks with compensating controls. Elevate your career with us, leveraging top-notch time management and communication prowess.

• Conduct periodic internal controls assessments to proactively identify areas of improvement and work with various business units to ensure controls are adequate, appropriate and effective
• Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts
• Design workflow process for security assessment
• I mplement security controls, risk assessments, and other activities which align to cybersecurity programmatic requirements, ensuring documented and sustainable compliance that aligns and advances Trimble’s business objectives
• Assist in cybersecurity risk assessments and penetration testing, inclusive of tracking and remediation efforts Conduct vendor cybersecurity risk and compliance audits, support the vendor due-diligence process and execute existing third-party risk management efforts
• Drive risk reduction through ongoing phishing prevention activities
• Automate process using GRC tools and scripting
• Creatively leverage various security tools to drive risk reduction through event correlation
• Evaluates risks and helps to develop security standards, procedures, and controls to manage risks. Improves Trimble’s security posture through process improvement, policy, automation, and the continuous evolution of security functions
• Build out standards and processes supporting the cybersecurity program
• Advance information security policy compliance across multiple platforms, products and corporate systems
• Assist with conducting and auditing required cybersecurity training for the Trimble organization
• Build effective relationships with Cybersecurity and product teams to develop and oversee activities to ensure all operational procedures and plans are created, tested, documented, and monitored to ensure data integrity is preserved and in alignment with regulatory compliance requirements
• Assist with fielding customer security questionnaires, inclusive of CAIQ, STIG and other formats

What Skills & Experiences You Should Bring

To be considered for this position, the candidate must be familiar with Governance, Risk and Compliance (GRC) functions inclusive of threat modeling, penetration testing, software/hardware development practices and a basic understanding of technology stacks and associated compensating controls. In addition, strong time management and communication skills are required:

• Scripting knowledge using Python is strongly desired
• Minimum of 2 years of experience in successfully managing complex global cybersecurity programs/project
• Experience with CASB/ZeroTrust (E.g., Netskope), Cloud platforms (AWS, Azure, GCP), SIEM (E.g., Splunk), Dark Web monitoring, Phishing (E.g., ProofPoint, KnowBe4), Ticketing platforms (Atlassian, etc) highly desired
• Must be able to work independently, support several projects simultaneously and prioritize effectively. High standard of performance, attention to detail and commitment to excellence are critical
• Understanding of security compliance requirements (ISO27001, SOC 2, FedRAMP, NIST 800-171
• Minimum of 2 years of experience with driving risk reduction through vulnerability remediation
• Certifications Desired (Not Required): CISSP, GSEC, SEC+
• Understanding of Security frameworks (NIST, OWASP, CSF, CIS
• Bachelor’s degree in related field (IT or Cybersecurity) or equivalent combination of experience and education/certification
• Minimum of 2 years of experience in developing and operationalizing crisis management plans, including business impact assessments and risk management

Trimble’s Inclusiveness Commitment

We believe in celebrating our differences. That is why our diversity is our strength. To us, that means actively participating in opportunities to be inclusive. Diversity, Equity, and Inclusion have guided our current success while also moving our desire to improve. We actively seek to add members to our community who represent our customers and the places we live and work.

We have programs in place to make sure our people are seen, heard, and welcomed and most importantly that they know they belong, no matter who they are or where they are coming from.

Trimble’s Privacy Policy

Pay Equity

Trimble provides the following compensation range and general description of other compensation and benefits that it in good faith believes it might pay and/or offer for this position. This compensation range is based on a full time schedule. Trimble reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation, depending on circumstances not related to an applicant’s sex or other status protected by local, state, or federal law.

Hiring Range:

Bonus Eligible?

Trimble offers comprehensive core benefits that include Medical, Dental, Vision, Life, Disability, Time off plans and retirement plans. Most of our businesses also offer tax savings plans for health, dependent care and commuter expenses as well as Paid Parental Leave and Employee Stock Purchase Plan.