Information Security Governance, Risk, and Compliance Analyst

Overview:
Hexagon AB is looking for a** Senior Information Security Governance, Risk and Compliance Analyst** for a one year contract.

As a member of the Corporate Information Security - Governance, Risk and Compliance team, you will report to Hexagon’s Director of Information Security - Governance, Risk and Compliance.

The role will work closely with Hexagon divisional cross-functional teams to manage information security risks to ensure we meet all required information security compliance standards and regulations through governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up to date on applicable compliance requirements

**Responsibilities**:
As a **Senior GRC Analyst** you will be responsible for:

- Support the development, implementation, and maintenance of the information security risk and controls program.
- Support the implementation and testing of a comprehensive information security controls framework while developing innovative risk mitigation strategies with cross-functional teams.
- Govern and report on findings, tracking status, and ensuring corrective actions are complete and sustainable.
- Communicating with technical and non-technical stakeholders and leaders on information security risk and controls management topics and program-specific reporting
- Staying up to date on current cybersecurity threats, vulnerabilities, trends, and best practices to proactively evolve the information security risk and controls program.
- Support information security risk identification & assessment, response & mitigation, control monitoring & reporting.
- Gather and evaluate information, including supporting auditors, investigations, and customer requests.
- Develop and perform tests, to evaluate the design and effectiveness of key controls as is necessary for compliance.
- Review test findings, identify control weaknesses, present results, and recommend actions to remediate issues.
- Assist is the completion of customer questionnaires.
- Assist on root cause analysis on incidents to determine underlying causes.
- Participate in the company’s business continuity plan and cyber security table-top exercises.

Qualifications:
**Must-Have**:

- Bachelor's Degree in computer science, computer engineering, management information systems, information technology or a similar field. An equivalent combination of education, certifications and experience may substitute for a degree.
- Minimum 8 years in an Information Security GRC function with expertise and accomplishments directly relevant to the position
- Knowledge and experience of information security standards and compliance requirements such as ISO 27001, CIS Controls, NIST 800-171, CMMC, TISAX, GDPR, etc.
- Internal control implementation, including the evaluation of the design and operating effectiveness of controls.
- Advanced knowledge of testing techniques and data analysis principles, as well as the ability to interpret results.
- Advanced-level communication, presentation, and relationship management skills with technical and non-technical audiences.
- Ability to travel internationally.
- English (fluent written and verbal) is a pre-requisite
- Ability to attain Reliability level security clearance within Canada

**Key Success Factors**:

- Sustain effective engagement and take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.

**Nice-to-Have**:

- One or more relevant certifications (e.g., CRISC, CISSP, CISM, CISA, CCSP, ISO 27001 Lead Auditor)
- Drive multiple projects, achieve key milestones, with ability to reprioritize work in a fast-paced environment.
- Proficiency with GRC systems