IT Governance, Risk and Compliance (GRC) Analyst (Security Team) - Remote
At TE, you will unleash your potential working with people from diverse backgrounds and industries to create a safer, sustainable and more connected world.
Job Overview
The ideal candidate for the IT Governance, Risk and Compliance (GRC) Analyst (Security Team) role will have a strong desire to be part of a growing information security team in a high-volume, dynamic environment. The IT GRC Analyst is a key member of the GRC team within TE's Security & Risk Management (SRM) function. The SRM function is part of TEIS (TE Information Solutions) and has global enterprise-wide responsibility for information/cyber security, technology risk and controls, IT compliance and related areas across TE Connectivity.
RESPONSIBILITIES
This person will focus on the execution and coordination of IT security governance, risk and compliance processes related to a broad range of global government and industry regulations and requirements.
Lead IT control testing and gap analysis in support of TE's information security programs, including Sarbanes Oxley (SOX), the US Defense Federal Acquisition Regulation Supplement (DFARS) 7012 & Cybersecurity Model Maturity Certification (CMMC).
Work with business and technical groups to assess IT risks, recommend enhanced governance and controls, perform self-assessments and recommend improvements in control design.
Create and maintain documentation regarding TE's security and operational controls to support audits and certifications.
Oversee and govern security controls that should meet TE global IT policy and regulatory requirements.
Perform and update IT risk assessments, maintain governance repositories and documentation and leverage security metrics to track progress.
Ensure data subject to regulations and advanced protection requirements are safeguarded during M&A & IT transformation activities.
Work with corporate and BU Legal teams to ensure alignment on cyber risk reporting requirements, customer contractual requirements and serve as a point person for segment and BU CIOs.
Identify gaps in the design and operating effectiveness of controls and identify improvements that reduce risk and/or align TE with industry recognized internal control frameworks.
Complete security assurance questionnaires from internal and external stakeholders, including customers and cyber-insurers.
What your background should look like:
General knowledge of information security and controls and related technologies, including identity & access management; database, operating system, and network security; endpoint security; application security; data protection and leakage; vulnerability management; security logging and monitoring.
Familiarity with regulations relevant to IT security and compliance for a public, global manufacturing company (e.g. SOX, PCI, HIPAA, US and international privacy regulations; US and international cybersecurity regulations and export restrictions such as DFARS, ITAR and UKML) and/or Controls Frameworks (e.g., COSO, COBIT, NIST, ISF Standards of Good Practice, ISO 27001); and industry or regionally specific certifications (e.g., TISAX; UK CyberEssentials).
Experience with any of the following is a plus: manufacturing and OT/ICS systems; support of or experience with Risk Management Systems (e.g. Archer or others), IT audit; governance for IT outsourcing; risk management frameworks; and Kaizen/lean methodologies.
Ability to track and manage numerous parallel activities.
Ability to identify opportunities for continuous improvement and execute on them.
Ability to work efficiently and independently with minimal supervision (i.e., self-motivated, and willing to stretch to meet important deadlines).
Ability to work successfully in a cross-functional team environment.
Bachelor's degree (High School +4 years)
Active security certification (CISSP, CISM, CRISC or CISA) or equivalent is a plus
Years of experience: 4 – 7 years or more
Competencies
Values: Integrity, Accountability, Inclusion, Innovation, Teamwork
ABOUT TE CONNECTIVITY
TE Connectivity is a global industrial technology leader creating a safer, sustainable, productive, and connected future. Our broad range of connectivity and sensor solutions enable the distribution of power, signal and data to advance next-generation transportation, renewable energy, automated factories, data centers, medical technology and more. With more than 85,000 employees, including 8,000 engineers, working alongside customers in approximately 140 countries, TE ensures that EVERY CONNECTION COUNTS. Learn more on LinkedIn, Facebook, WeChat, Instagram and X (formerly Twitter).
COMPENSATION
Competitive base salary commensurate with experience: $116,560-174,840 (subject to change dependent on physical location)
Posted salary ranges are made in good faith. TE Connectivity reserves the right to adjust ranges depending on the experience/qualification of the selected candidate as well as internal and external equity.
Total Compensation = Base Salary + Incentive(s) + Benefits
BENEFITS
A comprehensive benefits package including health insurance, 401(k), disability, life insurance, employee stock purchase plan, paid time off and voluntary benefits.
EOE, Including Disability/Vets
Location:
BERWYN, PA, US, 19312
City: BERWYN
State: PA
Country/Region: US
Travel: Less than 10%
Requisition ID: 121220
Alternative Locations: Remote
Function: Information Technology
TE Connectivity and its subsidiaries, affiliates, and operating units (collectively, the “Company”) is committed to providing a work environment that prohibits discrimination on the basis of age, color, disability, ethnicity, marital status, national origin, race, religion, gender, gender identity, sexual orientation, protected veteran status, disability or any other characteristics protected by applicable law or regulation.