
GRC Analyst Jobs

Company: Sonoco
Address: Hartsville, SC 29550
Employment type: Full-time
Salary
Expires 2023-10-02
Posted 9 months ago
Job Description

Sonoco’s Global Information Security organization is a collaborative team focused on protecting Sonoco’s data and technology assets from risks and threats, internal and external, while driving transformation into the business use of IT. This is our team mission, and we are passionate about how we do it. The Global InfoSec organization provides full-scope information and cyber security services to Sonoco’s businesses, and our collective goal is to provide safe, secure, and resilient IT services to our stakeholders.

A key part of achieving that goal is effectively and efficiently managing various cyber security risks associated with conducting business operations. This position will assess risk associated with business project efforts, manage NIST CSF and SOC 2 compliance programs, author and update policy documentation, educate IT and business resources on ways to build or acquire technologies while managing risk, and collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving findings. This position is also responsible for supporting and optimizing the required Information Technology (IT) regulatory and compliance programs. The position will recommend, support, and make process improvements, review policy communications and training, and integrate technology risk management processes.

Primary Responsibilities:

  • Plan and implement processes to manage cybersecurity risk across the enterprise while identifying areas of risk reduction in existing processes
  • Assess compliance with policies, standards, and regulations through the performance of risk assessments and controls testing and provide recommendations related to non-compliance areas requiring remediation
  • Monitor existing risk and controls framework for emerging risks including evaluating applicability to the company and providing control recommendations, where applicable, to align with the company’s risk tolerance level
  • Establish centralized compliance repository including drafting and maintaining process and controls documentation, workflows, diagrams, and training materials/manuals related to IT processes
  • Assist in development, management, and maintenance of metrics and reporting to demonstrate technology policy, standards, guidance, adoption, implementation, and adherence
  • Collaborate and consult with business and technology stakeholders on current and emerging security needs throughout Sonoco’s business
  • Prepare ongoing reports with specified metrics, key performance indicators related to compliance activities, audit results, remediation plans, and other compliance efforts and present to IT and executive management
  • Assist in development, management, and maintenance of IT security and compliance policies and standards
  • Support coordination of internal and external audits with IT process owners and other key stakeholders including facilitating evidence collection and other requests from audit teams related to audits
  • Identify improvement opportunities and provide recommendations to further mature existing IT processes and controls to align with the standard industry best practices including use of automation and optimization
  • Serve as a subject matter resource to assess compliance implications related to technical implementations and other IT projects and execute pre-implementation reviews when necessary
  • Facilitate and monitor to completion the execution of certain control activities including periodic user access reviews
  • Assist in educating and training individuals across the organization including control and process owners related to compliance concepts, requirements, and responsibilities and establish awareness regarding role of the overall compliance function
  • Provide guidance and support for daily operational activities and requests for assistance
  • Develop management action plans related to non-compliance areas and drive to completion including performing final testing to ensure remediation where necessary
  • Design continuous controls monitoring program utilizing GRC solution dashboards, analytics, automation, and other supporting tools

Knowledge & Skills Required:

  • 3+ years of expertise conducting cybersecurity audits, as well as handling audit responses
  • 5+ years of direct experience in information security, with a main emphasis on risk and compliance
  • Bachelor’s degree (information cybersecurity, risk management, governance, etc.) or relevant years of experience
  • Thorough understanding of relevant regulatory compliance requirements (NIST, ISO 27001, SOC 2, FedRAMP, CMMC, PCI, GDPR, etc.)
  • Knowledge of GRC tool techniques and best practices (ZenGRC, OneTrust, Archer)
  • Experience designing, implementing, and measuring risk management critical success factors, KPIs and metrics.
  • Knowledge of cybersecurity capabilities, such as identity management standards, storage, and disaster recovery in the cloud
  • Proven track record of organizing and carrying out several risk and compliance projects
  • Ability to successfully manage third-party audits, compile evidence, and organize audit responses
  • Ability to work in a fast-paced environment in both a team and individual setting
  • Highly responsive and proven professionalism in communication, interpersonal, analytical, and organizational skills
  • In-depth knowledge of modern cybersecurity concepts and how to apply them
  • Experience identifying, evaluating, recommending, and implementing processes, procedures, and technologies to enhance existing capabilities to ensure a cycle of continuous improvement
  • Keen attention to detail
  • Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals
  • Ability to work flexible hours as needed

Competencies:

  • CISA, CISM, or CISSP certification, or working toward certification
  • Ability to make decisions and perform complex problem-solving activities under pressure
  • Technical knowledge of current network security, hardware protocols and standards
  • Possess a service and solutions-oriented approach
  • Ability to think broadly and tactically, balanced with a high attention to detail
  • Ability to adapt to rapid change and work in a fast-paced / ever-changing environment
  • Understanding of Information Security concepts surrounding corporate endpoints and applications
  • Strong written, verbal and presentation skills
  • Takes responsibility and achieves results
  • Experience in cyber security risk management design and deployment
  • Strong process-oriented individual with experience in ITIL concepts

This position is listed as a remote worker position.

At Sonoco Products Company, we offer a comprehensive total rewards package, including competitive pay and benefits:

Benefits

  • Tuition reimbursement
  • Paid time off and holidays to recreate, rejuvenate and care for the health of yourself and family
  • Wellbeing tools and resources to support holistic health, including an Employee Assistance Program with a variety of services
  • Variety of company paid and voluntary employee-paid insurance plans including life, personal accident, and disability insurance
  • 401(k) retirement plan with company match
  • Medical, dental, and vision coverage for you and your dependents, including FSA and HSA options

We are an equal opportunity employer, and we strictly prohibit and do not tolerate discrimination against employees, applicants or any other covered persons because of race, color, religion, national origin or ancestry, sex, pregnancy, sexual orientation, marital status, gender identity or expression, age, disability, genetic information, veteran status, or any legally protected characteristic.