GRC Analyst
Job Summary:
As a Cybersecurity Governance, Risk and Compliance (GRC) Analyst II, you will be responsible for identifying and managing risks associated with Avnet’s information systems, data, and infrastructure. Also, you will help to ensure the organization’s cybersecurity measures align with industry best practices and Avnet’s risk appetite.
Other duties will include the development and evaluation of cybersecurity controls, as well as creation and maintenance of relevant cybersecurity policies, procedures, standards, and guidelines that meet regulatory requirements and industry best practices. You will also perform gap analyses to identify areas for improvement in the organization’s cybersecurity posture and work collaboratively with other departments to ensure cybersecurity risks are being managed effectively. You will conduct compliance assessments and assist with developing cybersecurity awareness training programs to promote a culture of cybersecurity across the organization. Additionally, you will help identify potential threats, vulnerabilities, and associated impacts to Avnet’s information systems, data, and infrastructure.
What you will be doing:
- Facilitate Sarbanes Oxley (SOX) and Financial Statement Audits (FSA) engagement with internal stakeholders and internal/external auditors.
- Collaborate with internal stakeholders to develop a comprehensive set of questions and related answers for Avnet’s cybersecurity posture.
- Review policy exemption requests and collaborate with internal stakeholders on implementing appropriate mitigating controls.
- Manage internal self-assessments (e.g., NIST CSF) to ensure assessments are completed in time and evidence provided is appropriate.
- Review “technical and organizational measures” (TOMs) of third parties to ensure data transfers are appropriately protected.
- Provide technical guidance and consultation to internal stakeholders related to cybersecurity to include operational controls and Sarbanes Oxley (SOX) controls.
- Facilitate discussions between compliance auditors and Information Technology staff to resolve issues while minimizing the risk exposure to Avnet.
- Other duties as assigned.
Your profile:
- Typically 3+ years with bachelor’s or equivalent.
- Bachelor’s degree or equivalent experience from which comparable knowledge and job skills can be obtained.
- You are passionate about learning and are familiar with IT control frameworks, cybersecurity risk management, and regulatory compliance requirements.
- You have excellent communication skills and are able to work effectively with both technical and non-technical stakeholders to drive cybersecurity initiatives.
- Strong analytical skills, including the ability to review processes and controls, identify weak points and advise all levels of management on remediation actions.
- Ability to quickly adjust to new priorities and address items as they are identified.
- Strong written and verbal communication skills to include a very high level of proficiency in Microsoft Word, PowerPoint and Excel, accompanied by a talent to simplify and explain technical concepts to a non-technical business audience.
- Experience in designing controls and working with internal and external auditors is a plus.
- Experience with cybersecurity frameworks such as NIST CSF, NIST 800-53, ISO 27001 and PCI is a plus.
- CISSP, CISA, CISM, PCI ISA certification is a plus.
- Business fluent English.