Information Security GRC Analyst

Are you looking for more?
 

At Mohawk Industries, we’re committed to more – more customer solutions, more process improvements, more sustainable manufacturing and more opportunities for our team.

As a Fortune 500, global flooring leader with some of the best-known brands in the industry, Mohawk is a great place to start or develop your career with an emphasis on more of what’s important to you. Whether you want to lead more, innovate more, learn more or create more, you can find your more with Mohawk.

What we need:

The Information Security GRC Analyst is an established performer who works to facilitate and support Security function and projects to resolve a wide range of IT issues. This role will be responsible for partnering in the evaluation and implementation of network architecture and cyber security services and technologies.

What you’ll do:

• Perform security assessments and deliver new security detection rules to enhance our existing testing capabilities.
• Document network and system specification deliverables to address cybersecurity vulnerabilities and the security controls necessary to mitigate the vulnerabilities to an acceptable level of risk.
• Develop and maintain security policies, standards, procedures, and processes for various IT frameworks, including CIS, ISO 27001/2, COBIT, ITIL, NIST, and PCI-DSS. 
• Create detailed asset lists, including software and firmware specifications, in support of cybersecurity assessments. 
• Perform governance and oversight functions by evaluating requirement document categorization, control alignment, and minimizing redundancy in the security policy and standard portfolio. 
• Participate in cross-functional project teams (internal and external) of Process Control, Safety, IT, and Cyber Security engineers, etc., assisting with design, implement, and test cybersecurity standards, regulatory requirements and technologies, processes/procedures, and specs during engineering, construct, and commissioning phases projects.
• Continuously monitor, identify, and report control gaps in IT and cybersecurity programs, contributing to ongoing improvements in security practices. 
• Support development of architecture, FAT/SAT procedures for project execution.
• Collaborate with stakeholders to draft, review, and publish internal security policies and standards, providing guidance and expertise throughout the process. 
• Collaborate to interpret cyber security program policy and support procedure development.
• Participate in the development of enterprise architecture by collaborating with Enterprise Architecture COE.
• Perform other duties as needed.

What you have:

• Bachelor’s degree in a related field or equivalent education and/or experience.         
• 2-4 years of job-related experience or equivalent education and/or experience.         
• OT/ICS cybersecurity relevant accreditations such as ISA/IEC62443 or SANS or other internationally recognized certifications are preferred.
• Experience in Information Technology (IT), Operational Technology (OT), or related field focused on designing, building, and managing cybersecurity for industrial control systems and networks.
• Knowledge and understanding of controls systems (SCADA/DCS/PLCs, etc.) and relevant protocols (Modbus TCP, Ethernet/IP, PROFINET, DNP3, IEC61850, etc.).
• Working knowledge of key technologies including Firewalls, IDS, Anti-Virus, Vulnerabilities assessments, etc., in the ICS/OT networks.
• At least one of the following certifications from a nationally recognized organization is preferred: CRISC, CISSP, CISM, CISA, CCSP, or certifications in OT/ICS cybersecurity like ISA/IEC62443 or SANS. 

What else?

• In-depth conceptual and practical knowledge in cybersecurity and GRC disciplines. 
• Demonstrates strong knowledge of technical, process, and business principles as well as industry practices and standards.
• Excellent communication, problem solving, and organizational skills.
• Able to multitask, prioritize, and manage time effectively.
• High level of integrity and discretion in handling sensitive and confidential data.
• Proficient using Microsoft Office Suite products.
• Proficiency using GRC programs such as AuditBoard, Archer, and ServiceNow

Mohawk Industries is a leading global flooring manufacturer that creates products to enhance residential and commercial spaces around the world. Mohawk’s vertically integrated manufacturing and distribution processes provide competitive advantages in the production of carpet, rugs, ceramic tile, laminate, wood, stone and vinyl flooring. Our industry-leading innovation has yielded products and technologies that differentiate our brands in the marketplace and satisfy all remodeling and new construction requirements. Our brands are among the most recognized in the industry and include American Olean, Daltile, Durkan, IVC, Karastan, Marazzi, Mohawk, Mohawk Home, Pergo, and Quick-Step. During the past decade, Mohawk has transformed its business from an American carpet manufacturer into the world’s largest flooring company with operations in Australia, Brazil, Canada, Europe, India, Malaysia, Mexico, New Zealand, Russia and the United States.

Mohawk Industries, Inc. is an Equal Opportunity Employer including disability/veteran committed to an inclusive workplace and a proud Drugs Don’t Work participant.