Overview:
Hexagon AB is looking for a Senior Information Security Governance, Risk and Compliance Analyst for a one year contract.
As a member of the Corporate Information Security - Governance, Risk and Compliance team, you will report to Hexagon’s Director of Information Security - Governance, Risk and Compliance.
The role will work closely with Hexagon divisional cross-functional teams to manage information security risks to ensure we meet all required information security compliance standards and regulations through governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up to date on applicable compliance requirements
Responsibilities:

As a Senior GRC Analyst you will be responsible for:

• Support the development, implementation, and maintenance of the information security risk and controls program.
• Support the implementation and testing of a comprehensive information security controls framework while developing innovative risk mitigation strategies with cross-functional teams.
• Govern and report on findings, tracking status, and ensuring corrective actions are complete and sustainable.
• Communicating with technical and non-technical stakeholders and leaders on information security risk and controls management topics and program-specific reporting
• Staying up to date on current cybersecurity threats, vulnerabilities, trends, and best practices to proactively evolve the information security risk and controls program.
• Support information security risk identification & assessment, response & mitigation, control monitoring & reporting.
• Gather and evaluate information, including supporting auditors, investigations, and customer requests.
• Develop and perform tests, to evaluate the design and effectiveness of key controls as is necessary for compliance.
• Review test findings, identify control weaknesses, present results, and recommend actions to remediate issues.
• Assist is the completion of customer questionnaires.
• Assist on root cause analysis on incidents to determine underlying causes.
• Participate in the company’s business continuity plan and cyber security table-top exercises.

Qualifications:

• Support the development, implementation, and maintenance of the information security risk and controls program.
• Support the implementation and testing of a comprehensive information security controls framework while developing innovative risk mitigation strategies with cross-functional teams.
• Govern and report on findings, tracking status, and ensuring corrective actions are complete and sustainable.
• Communicating with technical and non-technical stakeholders and leaders on information security risk and controls management topics and program-specific reporting
• Staying up to date on current cybersecurity threats, vulnerabilities, trends, and best practices to proactively evolve the information security risk and controls program.
• Support information security risk identification & assessment, response & mitigation, control monitoring & reporting.
• Gather and evaluate information, including supporting auditors, investigations, and customer requests.
• Develop and perform tests, to evaluate the design and effectiveness of key controls as is necessary for compliance.
• Review test findings, identify control weaknesses, present results, and recommend actions to remediate issues.
• Assist is the completion of customer questionnaires.
• Assist on root cause analysis on incidents to determine underlying causes.
• Participate in the company’s business continuity plan and cyber security table-top exercises