Job Summary:
As a Cybersecurity Governance, Risk and Compliance (GRC) Analyst IV, you will be responsible for identifying and managing risks associated with Avnet's information systems, data, and infrastructure. Also, you will help to ensure the organization's cybersecurity measures align with industry best practices and Avnet's risk appetite.
Other duties will include the development and evaluation of cybersecurity controls, as well as the creation and maintenance of relevant cybersecurity policies, procedures, standards, and guidelines that meet regulatory requirements and industry best practices. You will also perform gap analyses to identify areas for improvement in the organization's cybersecurity posture and work collaboratively with other departments to ensure cybersecurity risks are being managed effectively. You will conduct compliance assessments and assist with developing cybersecurity awareness training programs to promote a culture of cybersecurity across the organization. Additionally, you will help identify potential threats, vulnerabilities, and associated impacts to Avnet's information systems, data, and infrastructure.
What you will be doing:
Provide technical guidance and consultation to internal stakeholders related to cybersecurity, including operational controls and Sarbanes-Oxley (SOX) controls.
Perform gap assessments and define mitigation plans for any identified gaps in collaboration with internal stakeholders.
Develop, maintain, and publish cybersecurity policies, standards, and control documentation.
Facilitate discussions between compliance auditors and Information Technology staff to resolve issues while minimizing the risk exposure to Avnet.
Perform risk assessments on identified weaknesses and collaborate with stakeholders to define mitigating controls.
Develop cybersecurity training and awareness materials for a global audience of Avnet employees to influence user behavior and mitigate risk.
Other duties as assigned.
Your profile:
Typically 7+ years with bachelor's or equivalent.
Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.
You are passionate about learning and are familiar with IT control frameworks, cybersecurity risk management, and regulatory compliance requirements.
You have excellent communication skills and are able to work effectively with both technical and non-technical stakeholders to drive cybersecurity initiatives.
Strong analytical skills, including the ability to review processes and controls, identify weak points and advise all levels of management on remediation actions
Ability to quickly adjust to new priorities and address items as they are identified
Strong written and verbal communication skills, including a very high level of proficiency in Microsoft Word, PowerPoint and Excel, accompanied by a talent for simplifying and explaining technical concepts to a non-technical business audience.
Experience in designing controls and working with internal and external auditors is a plus
Experience with cybersecurity frameworks such as NIST CSF, NIST 800-53, ISO 27001 and PCI is a plus
CISSP, CISA, CISM, PCI ISA certification is a plus
Business fluent English
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills.