With 90,000 employees on five continents, SUEZ is a world leader in the smart and sustainable management of resources. The Group provides water and waste management solutions that enable cities and industries to optimize the management of their resources and improve their environmental and economic performance.
SUEZ Recyclage & Valorisation des déchets offers management and recovery solutions (material, energy and biological recovery) for all types of waste in order to produce new resources. The teams in this business contribute to the collection, sorting, dismantling, recycling, recovery and marketing of new resources, and provide specialized on-site and industrial services.
Position Title: Governance Risk Compliance (GRC) Specialist
Immediate Supervisor: Chief Information Security Officer / Director of Information Security and coordinates with the Industrial Control Systems Risk Officer (ICSRO)
General Purpose: The Governance, Risk and Compliance (GRC) Specialist leads the development and implementation of processes and solutions for assessing risk and managing complex regulatory and industry-standard requirements across a diverse business and technology landscape. The position requires strong technical and information security expertise to develop and implement the information security risk management program. Responsibilities require leadership and project management experience, as well as the expertise to ensure effective system-wide security analysis; standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.
Responsibilities
- Contribute to the implementation and continuous improvement of security GRC processes such as Policy Management, Information Risk Management, Compliance Management, etc.
- Support, configure, test, implement, and maintain the GRC processes in the applicable GRC product, working closely with the business, IT, security and third-party development/implementation partners
- Operationalize and manage the awareness and adoption of GRC processes
- Assess and advise on the impact of GRC process design options and changes
- Track remediation activities and relevant metrics to communicate status, demonstrate progress and build awareness of GRC processes
- Ensure security compliance objectives through design, implementation, and management of regulatory program requirements
- Contribute to the strategy and execution of the overall security governance and risk management program
- Develop and lead the company's security awareness program
- Facilitate internal and external audits
- Support the company's privacy efforts by ensuring risk assessments, vendor reviews, and applicable controls are implemented
- Ensure policies, standards, and procedures are updated and communicated on an annual basis
- Cultivate relationships with security, IT, legal, risk, and business stakeholders to strengthen security governance and risk management
Qualifications
- Experienced. 7+ years in the information technology field, with 4+ years of combined risk management, risk consulting, GRC product implementation and/or security work experience.
- Educated. B.S. degree or equivalent work experience in security, risk management, compliance, information systems or another relevant field. Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP), or equivalent.
- Knowledgeable. Knowledge of qualitative and quantitative risk management approaches and processes, including proven implementation experience. Previous experience in a complex DevOps, engineering-driven culture preferred. Knowledge of, and experience applying, security, risk and control frameworks such as SSAE 18, NIST, COBIT, and ISO. Knowledge of the security practices and controls used to address security risks.
- Technically Savvy. Experience with GRC products (ZenGRC a plus). Able to learn GRC technologies and quickly apply them to everyday work processes.
Recommended Skills
Risk Analysis
Information Technology
Control Objectives for Information and Related Technology (COBIT)
Certified in the Governance of Enterprise IT (CGEIT)
Risk Management
Information Systems