Cybersecurity GRC - Compliance Analyst

Overview

Trimble is transforming the way the world works by delivering products and services that connect the physical and digital worlds. Core technologies in positioning, modelling, connectivity and data analytics enable customers to improve productivity, quality, safety, and sustainability. From purpose built products to enterprise lifecycle solutions, Trimble software, hardware and services are transforming a broad range of industries such as agriculture, construction, geospatial and transportation and logistics.

In order to improve integrity between physical and digital worlds, Governance, Risk and Compliance (GRC) facilitates the integrated collection of capabilities necessary to support connected performance. GRC doesn't burden the business, it supports and improves it by adding value through establishing efficiencies, centralizing policy and creating metrics to reduce risk to maintain Trimble brand equity. GRC resides within the corporate Trimble Cybersecurity team.

To be considered for this position, you must be familiar with security frameworks and security control auditing, specifically SOC 1 & 2 and NIST 800-171, others inclusive of ISO 27001, ISO 27701, ISO 42001, risk assessments and scoring, conducting gap analysis, internal audits, and external audit coordination. Flexibility to work 6 months project based and 6 months audit.

You are a self-motivated, mildly technical but versatile individual contributor looking to fill a Cybersecurity Compliance Analyst role by joining a diverse and collaborative international cybersecurity team for a large dynamic publicly traded company. You will be responsible for helping to ensure Trimble's product portfolio maintain compliance to an array of frameworks (SOC 1 & 2, NIST 800-171 ISO 27001, ISO 27701 & ISO 42001 ).

You will be a crucial member of our organization, working to achieve our customers expectations in the area of Compliance & Audit.

The role requires an individual who works well independently and as part of a global team by adding value through processes optimization and managing a diverse portfolio of Trimble products seeking compliance to existing and new standards & frameworks.

Key Outcomes

Operational

• Perform SOC 1 & 2, NIST 800-171, ISO 27001, ISO 27701 and ISO 42001 gap analysis and recommend process, procedural, documentation and tooling recommendations to remediate.
• Improve Compliance and certification scope efficiency via review and enhancements of the Trimble Common Control Framework
• Perform ISO 27001 & ISO
  27701 Internal Audits.
• Perform SOC 1 & 2, NIST 800-171 Internal & External Audits
• Contribute to annual policy revisions and maintenance of the IMS.
• Constantly coordinate with key business stakeholders and the external auditor
• Present metrics derived from the Integrated Management System, audit results, trends in risk, and corrective action plans to senior leadership.
• Contribute to the creation of processes and procedures that increase efficiency of the overall compliance program across all standards and frameworks.
• Collaborate with Cybersecurity team members, Trimble businesses across various geographies.
• Contribute to risk management processes to ensure business risk posture is properly calculated and proactively managed.
• Produce and analyze information that will accurately demonstrate the risk posture of each business and drive actions to reduce and manage technical risks.
• Be able to understand and communicate technical risks to a broad set of stakeholders. Must be able to adjust delivery to the audience.

The Trimble Cybersecurity team serves the entire organization. Trimble is divided into several Business focused Sectors and Divisions. This role will communicate with:

• Cybersecurity, IT and GRC teams
• Trimble leadership
• Divisional & Sector Cybersecurity representatives
• Software development staff
• Other global functions (Human Resources, Legal as required)
• No communication with Trimble customers required

• Working knowledge of SOC 1 & 2, NIST 800-171, ISO 27001, ISO 27701 & ISO 42001
• Designing audit controls spanning SOC 1 & 2, NIST 800-171, ISO 27001, ISO 27701 & ISO 42001
• Ability to write policy and interpret complex business changes, as they arise
• Comprehensive understanding of risk management standards and guidelines.
• General IT knowledge (networking, cloud computing, software development)
• General knowledge in Data Privacy (GDPR, CCPA and other regulations)
• A passion for user-centric information that is clear and actionable, attention to detail focused on delivering accurate and creative metrics.
• Ability to make effective, timely decisions with clear reasoning
• Ability to quickly establish a broad understanding of an issue with limited available information and outline the steps required to bring it to a successful conclusion
• Excellent organizational and presentation skills
• Effective communication skills (verbal and written) and time management skills
• Flexible approach to working in a changing…