IT GRC Specialist

Job Expired

Position Overview

The IT Governance, Risk, and Compliance (GRC) Specialist will support the following:

  • Information Security risk management
  • Third party risk management
  • IT Compliance and Governance support

This position will provide highly skilled technical information security expertise to help reduce risk exposures to Hexion’s IT environment, as well as represent the GRC function in cross functional teams.

This opportunity is eligible for remote work.

Country

USA

Function

Information Technology

Company Overview

Based in Columbus, Ohio, Hexion Inc. is the global leader in thermoset resins. Through a broad range of thermoset technologies and specialty products, Hexion serves and supports customers in a diverse range of applications and industries. Hexion materials are found in products that touch nearly every facet of modern living. At Hexion, we believe that leadership begins with integrity, ethics and environmentally sound operations. When you work for Hexion, you are partnering with a company that is not only focused on delivering value but on doing it in a safe, ethical and environmentally responsible manner.

Company Distinction

This exciting opportunity is part of Hexion Inc.

Job Responsibilities

Risk Management

  • Support the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
    • Maintain Risk Register. Assess each risk by identifying the potential impact based on combination of threat, likelihood, and exposure. Coordinate review of existing risks, along with actions, to ensure they are being managed in line with the Risk Management Strategy and Standards.
    • Keep executive management up to date on the results of the risk assessment and make recommendations for mitigations, or projects, to protect systems or cover potential losses.
    • Administer processes related to Risk Register and other risk-related information (risk/control matrix, etc.) and train new users of the system.
    • Assist in the development, creation and maintenance of information security risk processes, policies, and procedures.
    • Assist in developing proposed treatment plans and facilitate decisions on those treatment plans with risk owners and senior leaders.
    • Develop best practices for risk management and recommend risk modeling techniques.
  • Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for Hexion’s information and technology systems.
  • Create periodic risk reports, metrics, and presentations that will be distributed to senior leaders, risk owners, and various other stakeholders.
  • Ensure that security controls are managed and maintained.
  • Participate in third party risk assessment and management process.

IT Compliance and Governance Support

  • Work with Internal Audit and outside consultants as appropriate on required security assessments and audits. Oversee implementation of audit recommendations and provide updates to auditors.
  • Identify policy gaps and recommend relevant policy statements. Ensure existing IT policies are periodically reviewed and kept current.
  • Develop and maintain GRC policies and procedures to comply with requirements.
  • Review IT Business Continuity plans for completeness and accuracy.
  • Monitor annual Disaster Recovery testing and BIA processes.
  • Participate in the assessment, adoption and compliance with IT governance framework across all domains.
  • Support the data privacy compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
  • Liaise with Data Privacy officers to ensure IT compliance with relevant Data Privacy legislation (ex: GDPR (EU), LGPD (Brazil)).

Other

  • Perform other duties as assigned to ensure the smooth functioning of the department.
  • Establish and maintain strong relationships with stakeholders.
  • Drive continuous improvement of tools and process capabilities in the area of compliance.

Competencies

Strategic Focus and Direction

  • Identifies problems in attaining planned goals or work and proposes solutions
  • Works with customers (internal and external) to understand and meet their needs
  • Understands and accommodates cultural differences successfully and behaves appropriately for the culture in which he/she is working

Trust and Teamwork

  • Supports team decisions in word and action outside of the team setting – even if the ideas he/she supported were not chosen by the team
  • Keeps commitments – Holds self accountable for assignments and required work product
  • Communicates directly, honestly, respectfully and in a timely manner to resolve conflict

Personal Leadership

  • Displays a positive attitude and willingness to make the necessary effort to accomplish goals
  • Drives safety culture initiative; ensures understanding of the existing safety policies in the company among employees

Achieve Business Results

  • Exhibits a sense of responsibility and urgency toward goal accomplishment
  • Ability to receive feedback and adjust behavior
  • Achieves results in a manner consistent with Hexion’s Core Values

Minimum Qualifications

  • 5-7 years of advanced IT skills, experience and expertise in the areas of Information Security Risk Management or IT Audit, and excellent communication skills
  • Good understanding of control and risk management frameworks (NIST) and fundamentals, with hands-on experience with IT Risk Management systems
  • Strong project management and executive reporting skills
  • Bachelor’s degree required.
  • Relevant certifications preferred (CRMA, CRISC, RIMS-CRMP, CISA, CIPP/CIPM)
  • Fluent language skills in English, both verbal and written
  • Proficient in Microsoft O365, including Office, Teams and Outlook
  • Ability to work accurately, with strong time management and organizational skills
  • Ability to work well with others to accomplish common goals
  • Good communication skills with the ability to interact with all levels of the organization
  • Positive attitude and high stress threshold to succeed in a dynamic environment

Preferred Qualifications

Education Requirements

  • 5-7 years of advanced IT skills in the areas of Information Security Risk Management or Cyber Audit
  • Strong understanding of control and risk management frameworks and fundamentals, with hands-on experience with IT Risk Management systems (preferably NIST)
  • Strong project management and executive reporting skills; excellent communication skills.
  • Bachelor’s degree and/or relevant certifications preferred (CRMA, CRISC, RIMS-CRMP, CISA, CIPP/CIPM, etc.)
  • Fluent language skills in English, both verbal and written
  • Proficient in Microsoft O365, including Office, Teams and Outlook
  • Ability to work accurately, with strong time management and organizational skills
  • Ability to work well with others to accomplish common goals
  • Good communication skills with the ability to interact with all levels of the organization
  • Positive attitude and agility to succeed in a dynamic environment

Other

We are an Equal Opportunity, Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to gender, minority status, sexual orientation, gender identity, protected veteran status, status as a qualified individual with a disability or any characteristic protected by law.

In order to be considered for this position, candidates are required to submit an application for employment through our career site, be at least 18 years of age, be willing to take a drug test, and submit to a background investigation as part of the selection process, as well as additional periodic background checks as required by the Chemical Facility Anti-Terrorism Standards (CFATS) or regulations adopted by the Department of Homeland Security or other regulatory agencies.

Candidates are required to have unrestricted authorization to work in the United States.

If currently an employee of the Company, you must have current satisfactory work performance and, in most cases, have been in your current role 18 months.

Disclaimer: We are not accepting unsolicited assistance from search firms/employment agencies for this employment opportunity. Please, no phone calls or emails to any employee about this position. All resumes submitted by search firms/employment agencies to any employee of the Company via email, the Internet or in any other form and/or method without a valid written search firm agreement in place for this position will be deemed the sole property of the Company; no fee will be paid in the event a candidate is hired by the Company as a result of the unsolicited referral or through other means.

Job ID : 12138BR
