Enpro is currently seeking a Governance, Risk, & Compliance (GRC) Analyst to join our corporate Information Security Team based in Charlotte, NC. Reporting to the Director of Information Security, the GRC Analyst will be responsible for driving the execution of the GRC strategy by managing security and compliance framework control adherence, supporting regulatory compliance requirements, leading and tracking security awareness initiatives, and tracking key security metrics and KPI's. The candidate will work closely in collaboration with Enpro's Compliance, Legal, and Internal Audit Teams to ensure alignment on business priorities and to effectively manage enterprise cyber risks. This role requires a balanced understanding of cybersecurity, privacy, compliance, and information security industry frameworks.
The ideal candidate is someone who understands technology, possesses deep experience in GRC concepts, is a self-starter, and is adept at understanding information security and regulatory compliance frameworks and their relevant security controls. The GRC Analyst must be process oriented and not be driven solely by compliance.
PRIMARY RESPONSIBILITIES:
Assess and validate the assurance of Enpro's Information Security Program through audits, assessments, and continuous monitoring of Enpro's security control framework.
Conduct enterprise-wide, ongoing risk analysis in tandem with Security, Internal Audit, and Compliance Teams.
Document and maintain appropriate security control mappings to relevant regulatory compliance and applicable industry frameworks and standards.
Identify and report on information security control deficiencies and work with internal/external stakeholders to prioritize and remediate findings.
Manage and mature Enpro's third party risk management program to effectively manage organizational risk presented through key relationships with vendors, suppliers, and customers.
Monitor current and proposed security changes impacting regulatory, privacy, and security industry best practices and escalate concerns where applicable.
Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
Attend and fully engage in change and project management meetings.
MINIMUM QUALIFICATIONS/EDUCATION/WORK EXPERIENCE:
5+ years of related GRC/information security experience required
Prior experience supporting GRC platforms from vendors such as AuditBoard, LogicGate, Archer, MetricStream etc.
Self-starter, capable of driving initiatives to completion with minimal supervision
Demonstrated ability to manage complex GRC security initiatives with a global scope and international requirements
Deep knowledge working with frameworks such as ISO27001/27002, NIST 800-171, NIST 800-53, etc.
Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience
Possess industry certifications (CISSP, CRISC, CGEIT, IAPP, CISA, GRCP)
Preferred experience with cloud environments such Amazon Web Services (AWS) and Microsoft Azure
Familiarity with state, federal and international privacy laws
Experiencing supporting industry and regulatory compliance frameworks such as PCI, ISO, DFARS, ITAR, NIST, and Sarbanes-Oxley
Enpro is a leading industrial technology company using material science to push boundaries in semiconductor, life sciences, and other technology-enabled sectors. We are a leader in sealing technologies, advanced surface technologies, and highly engineered materials. Our products and services are sold into more than 40 distinct end-markets that touch our lives every day - from food and pharmaceutical facilities to semiconductor clean rooms, from agricultural robots that help grow your food to last-mile technologies that deliver it to your doorstep, from commercial aviation to space exploration, and much more in between. Our commitment to innovation, quality, and value has propelled our brands to wide recognition and leading positions in their markets.
Enpro is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
