Lead IT GRC Risk Analyst - Remote

Job Posting:

Ferguson is North America's leading value-added distributor across residential, non-residential, new construction and repair, maintenance, and improvement (RMI) end markets. Spanning 34,000 suppliers and more than one million customers, we deliver local expertise, value-added solutions, and the industry's most extensive portfolio of products. From infrastructure, plumbing, and appliances, to HVAC, fire protection, fabrication, and more, we make our customers' complex projects simple, successful, and sustainable.

We have an exciting opportunity for a remote Lead IT GRC Risk Analyst to join the IT Security Compliance team. The Lead GRC Risk Analyst provides organizational support for security awareness and training, identifying, reporting, and advising remediation activities for key risks within the IT organization, ensuring that controls and activities are aligned with overall organization risk strategy and appetite. Primary functions include leading the phishing program, security awareness, the identification and remediation of risks within a complex multi-functional organization, supporting the ongoing development, review and publication of security directives (e.g. policies, standards and guidance), monitoring and evaluating metrics related to compliance against those security directives, and using broad enterprise knowledge and/or expertise of technology and core business processes.

** This role is approved to sit 100% remote. **

Duties and Responsibilities:

Participates in IT GRC team efforts to plan, design, implement and maintain IT Governance, Risk & Compliance initiatives, and their supporting elements, these include, but are not limited to:

• Facilitate discussions related to risk identification and mitigation by analyzing and recommending operational and business workflow changes to management.
• Support the team in performing vendor risk assessments, contract reviews, and support the completion of 3rd party security questionnaires.
• Drive the identification, creation and/or collection of reporting metrics, risk appetite statement updates, and testing results as needed.
• Develop strong and relevant relationships across varying levels of the Enterprise Risk Management, Internal Audit, and Technology organization.
• Participate in due-diligence activities related to mergers and acquisitions, providing communication and recommendations to senior management.
• Act as a SME to support the interpretation of policies and compliance requirements to development, infrastructure, and implementation teams.
• Perform duties as requested by Management, in addition to the crucial job functions described above.

Qualifications and Requirements:

• A minimum of four (4) years' experience in Information Security, Technology, and/or IT Risk.
• Associate degree combined with 5 years' experience in an IT-related role; or,
• Bachelor's Degree plus 3 years' experience in an IT-related role; or,
• Master's Degree in Information Security, Information Technology or Information
• Ability to work with various areas of the business, specifically legal and corporate communications.
• Sophisticated knowledge of concepts related to IT Governance, Risk Management, and Compliance
• Substantial ability to build, organize, and analyze complex logical processes.
• Experience with ISO 27001/2.
• Experience with NIST 800-171/DFARS.
• Experience around crafting and updating corporate policies, providing expert reviews around legal, regulatory and contractual requirements.
• Knowledge of technical platforms, networks, security concepts, and data retrieval techniques.
• Self-motivated, with the ability to initiate new work without immediate supervision.
• Knowledge of auditing techniques and/or IT control environments a plus.
• Proven ability to fix and solve sophisticated and indistinct problems.
• Ability to communicate with all audiences in a concise and professional written format.
• Ability to speak publicly, including large groups, with all levels of management.

Ferguson is dedicated to providing meaningful benefits programs and products to our associates and their families-geared toward benefits, wellness, financial protection, and retirement savings. Ferguson offers a competitive benefits package that includes medical, dental, vision, retirement savings with company match, paid leave (vacation, sick, personal, holiday, and parental), employee assistance programs, associate discounts, community involvement opportunities, and much more!

#LI-REMOTE

Pay Range:

Actual pay rate may vary depending upon location. The estimated pay range for this position is below. The specific rate will depend on a candidate's qualifications and prior experience.

$8,470.59 - $14,834.37

Estimated Ranges displayed are Monthly for Salaried roles OR Hourly for all other roles.

This role is Bonus or Incentive Plan eligible.

The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans and the requirements of 41 CFR 60-741.5(A), which prohibits discrimination against qualified individuals on the basis of disability.

Ferguson Enterprises, LLC. is an equal employment employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Equal Employment Opportunity and Reasonable Accommodation Information