Job Info
Senior Information Security GRC Analyst
Find your more with Mohawk!
At Mohawk Industries, we are committed to more - more customer solutions, more process improvements, more sustainable manufacturing, and more opportunities for our people.
As a Fortune 500, global flooring leader with some of the best-known brands in the industry, Mohawk is a great place to start or develop your career with an emphasis on more of what's important to you. Come find your "more" with Mohawk!
What we need:
The Senior Information Security GRC Analyst is a high-performing contributor who facilitates and supports Security functions and projects to resolve a wide range of IT issues. This role will be responsible for partnering in the evaluation and implementation of network architecture and cyber security services and technologies. The ideal candidate will possess a strong Governance and Risk Compliance (GRC) policy development and management background, critical and structured thinking, excellent communication skills, and a passion for applying innovative technology to global GRC processes.
What you'll do:
- Develop and manage security policies, standards, procedures, and processes aligned with frameworks such as CIS, ISO 27001/2, COBIT, ITIL, NIST, and PCI-DSS
- Create asset lists detailing software and firmware for cybersecurity assessments.
- Provide documentation on network and system specifications to address cybersecurity vulnerabilities and implement necessary security controls.
- Participate in cross-functional project teams to design, implement, and test cybersecurity standards and technologies during project execution phases.
- Author technical documentation, including product configuration/implementation guides, test plans, and user administration guides.
- Perform high-quality analysis and support the development of architecture, FAT/SAT procedures, and cybersecurity work for project execution.
- Collaborate with Global Functional Owners to develop Global Cyber Security work processes and procedures.
- Interpret cybersecurity program policies and support the development of procedures.
- Monitor and report control gaps in IT and cybersecurity programs, supporting policy and procedure development.
- Participate in enterprise architecture development by collaborating with the Enterprise Architecture COE.
- Perform governance and oversight functions, evaluating document categorization and aligning controls to minimize redundancy.
- Lead or participate in internal IT, Cybersecurity, and third-party GRC activities for various information systems and processes.
- Supervise the monitoring, remediation, and reporting of control gaps in IT and Cybersecurity programs.
- Advise on IT risk management issues, including risk and control gap assessments and documenting mitigation strategies.
- Stay updated with industry best practices and regulatory/legal requirements relevant to IT and Cybersecurity risk management.
- Facilitate communication and collaboration with technology leaders and key corporate risk groups to ensure GRC program awareness.
- Perform other duties as needed.
What you have:
- Bachelor's degree in a related field preferred.
- 4-6 years' relevant experience OR equivalent combination of education and experience.
- Cybersecurity-relevant accreditations such as CRISC, CISSP, CISM, CISA, CCSP, ISA/IEC62443, SANS or other internationally recognized certifications are preferred.
- Minimum 3 years' experience in Information Technology (IT), Operational Technology (OT), or related field with at least 2 years focused on designing, building, and managing cybersecurity for industrial control systems and networks.
- Strong knowledge and understanding of control systems (SCADA/DCS/PLCs, etc.) and relevant protocols (Modbus TCP, Ethernet/IP, PROFINET, DNP3, IEC61850, etc.).
- Working knowledge of Variable Frequency Drives (VFDs).
- Working knowledge of key technologies including firewalls, IDS, anti-virus, vulnerability assessments, etc., in ICS/OT networks.
- Working knowledge of cybersecurity frameworks and standards, including the Policy Life Cycle Management (PLCM) process.
- At least one of the following certifications from a nationally recognized organization is preferred:
  - IMINS certification
  - GIAC Security Essentials Certification (GSEC) or equivalent
  - GIAC Systems and Network Auditor (GSNA), ISACA Certified Information Systems Auditor (CISA), or equivalent
  - Cisco Security Certification (CCNP)
  - ISC2 Certified Information Systems Security Professional (CISSP)
- Additional cybersecurity certifications such as CISM, ISO 27001, NIST800, CSET, etc., will be a plus.
What you're good at:
- In-depth conceptual and practical knowledge required in own job discipline.
- Excellent skills in communication, problem-solving, and organization.
- Ability to multitask, prioritize effectively, and manage time efficiently.
- Demonstrates high integrity and discretion when handling sensitive and confidential information.
- Proficiency with Microsoft Office Suite products.
- Flexible attitude, adaptable to change, a team player, and capable of managing multiple projects simultaneously.
- Exhibits a high level of professionalism, judgment, maturity, and resourcefulness without formalized guidelines and procedures.
- Outstanding abilities in developing and managing security policies and standards, including proficiency in verbal, written, presentation, and interpersonal communication.
- Proven experience in leading, managing, and implementing security policies following the Policy Life Cycle Management (PLCM) process and self-inspection checklist.
- Expertise in serving as a subject matter expert and adviser on strategic policy-based decisions for professional and technical matters.
- Strong technical knowledge with the ability to explain information clearly, establish rapport, persuade others, and ensure understanding.
- Skilled in exercising tact, discretion, judgment, and diplomacy during interactions or negotiations with internal and external customers and senior management.
- Effective communicator in stressful situations, using appropriate interpersonal styles and methods to reduce tension or conflict while maintaining corporate professionalism.
- Willingness to accept responsibility, challenge established practices, draw relevant conclusions, take calculated risks, and promote innovative ideas within the organization.
- Exceptional leadership skills to work effectively within a diverse global team, achieving results through collaboration, motivation, persuasion, and direction of others.
- Capable of performing well under pressure or in crises, making sound decisions to resolve problems, maintain safety, and ensure adherence to the Corporate Code of Conduct.
What else?
- Normal office environment with occasional domestic/international travel (up to 20%/year).
- Must be able to lift 40 lbs., climb ladders and stairs.
Mohawk Industries is a leading global flooring manufacturer that creates products to enhance residential and commercial spaces around the world. Mohawk's vertically integrated manufacturing and distribution processes provide competitive advantages in the production of carpet, rugs, ceramic tile, laminate, wood, stone and vinyl flooring. Our industry-leading innovation has yielded products and technologies that differentiate our brands in the marketplace and satisfy all remodeling and new construction requirements. Our brands are among the most recognized in the industry and include American Olean, Daltile, Durkan, IVC, Karastan, Marazzi, Mohawk, Mohawk Home, Pergo, and Quick-Step. During the past decade, Mohawk has transformed its business from an American carpet manufacturer into the world's largest flooring company with operations in Australia, Brazil, Canada, Europe, India, Malaysia, Mexico, New Zealand, Russia and the United States.
Mohawk Industries, Inc. is an Equal Opportunity Employer including disability/veteran committed to an inclusive workplace and a proud Drugs Don't Work participant.