Full Job Description
Preferred Locations: Chennai, India
Department: Trimble Cloud x Ops
Are you an organized self-starter who is experienced in working within Governance, Risk, Compliance, and Audit? Do you like to work with multiple simultaneous projects that scale in scope? Do you shine in high visibility roles, working across multiple levels and lines of business? If so, Trimble is recruiting an Information Security GRC Analyst in Chennai, India.
As the Information Security GRC Analyst, you will join the existing Cloud Governance: Compliance team, contributing to the continual effort of Governance, Risk, Compliance, and Audit across multiple Trimble Divisions. You will be tasked with conducting Gap Analysis, Internal Audits, Audit Management, and Risk Assessments.
About Trimble Cloud xOps
Trimble Cloud x Ops is a shared services organization for Trimble divisions delivering technology services to Construction, Agriculture, Buildings, Transportation, and Natural Resources markets using public cloud. We offer public cloud access and billing, common infrastructure and security services, consulting and application operations, and a suite of DevOps tools hosted for the enterprise. As public cloud usage at Trimble is growing, Trimble Cloud xOps is looking to expand the team and breadth of our service offerings.
Information Security GRC Analyst Responsibilities:
Perform ISO/IEC 27001:2013 Internal Audits of processes, policy, and systems for ISMS compliance.
Perform SOC 2 Type I and II Internal Audits of processes, documentation, and policy in preparation for External Assessment.
Support internal and external ISO audit teams through audit management in periodic audits of the ISMS.
Track and implement corrective action plans resulting from audit findings.
Perform readiness assessments and gap analysis of new Trimble Divisions interested in onboarding for ISO & SOC.
Guide Trimble Divisions through and suggest remediation of control gaps.
Contribute to periodic update of existing ISMS documentation and work with staff to expand the ISMS scope to new sites.
Present ISMS metrics, audit results, trends in risk, and corrective action plans to senior management.
Contribute to the creation of processes and procedures that increase efficiency of the overall compliance program.
Keep up to date with the security/GRC field, and share and communicate changes to standards with the compliance team and other key stakeholders.
Willingness to Travel (5-10%, Continental when COVID restrictions are lifted)
Required Skills & Experience
3-5 years of experience in Information Technology, Security Analysis, Governance, Risk and Compliance or management (or equivalent experience)
ISO/IEC 27001 Certified Internal / Lead Auditor and/or equivalent experience.
SOC 2 Gap Analysis / Readiness Assessment experience.
Excellent analytical, problem-solving and decision-making skills.
Ability to work with cross-functional teams across organizational and cultural boundaries to achieve policy and process compliance.
Ability to work independently and manage a fluid workload.
Experience in managing multiple customers or projects with competing priorities.
Understanding of technical and organizational security vulnerabilities, threats, and risks.
Excellent written and oral English communication skills.
Excellent organizational and presentation skills.
Willingness to learn and adapt as the situation arises.
Desired Skills & Experience
Bachelor’s or Master’s degree in an IT field.
At least 1 year of prior experience in a SaaS company.
‘Big 4’ Experience in ITGC, SOC2, ISO 27K Audits.
CISA/CISSP/CISM/CRISC or other security certifications.
Proven experience with AWS and/or Azure Cloud Infrastructure.
Experience with any SIEM tools such as Splunk is desirable.
Work history in such areas as Networking, IT Security and Software development.
Key Benefits of the Role
High visibility by virtue of regular interactions with senior stakeholders.
Part of a dynamic and growing team.
Flexible Working Arrangements as per Trimble’s Flexible Work Arrangement Program.
Contemporary/Modern new facility that fosters fun and a collaborative workspace.