Cybersecurity Governance, Risk & Compliance (GRC) Analyst

McCormick & Company, Inc., a global leader in the spice, flavor, and seasonings industry, is seeking a full-time Cybersecurity Governance, Risk & Compliance Analyst II. This new hire will work at our Global HQ, located in Hunt Valley, MD.

McCormick & Company, Incorporated is a global leader in flavor with approximately 13,000 employees worldwide. As a Fortune 500 company with over $5 billion in annual sales across 160 countries and territories, we manufacture, market, and distribute spices, seasoning mixes, condiments, and other flavorful products to the entire food industry including e-commerce, retail, food manufacturers and foodservice businesses. Our most popular brands include McCormick, French’s, Frank’s RedHot, Stubb’s, OLD BAY, Lawry’s, Zatarain’s, Ducros, Vahiné, Cholula, Schwartz, Kamis, DaQiao, Club House, Aeroplane, and Gourmet Garden. Every day, no matter where or what you eat or drink, you can enjoy food flavored by McCormick. Our Purpose is “To Stand Together for the Future of Flavor and our Vision is “A World United by Flavor—where healthy, sustainable and delicious go hand in hand.”

As a company recognized for its exceptional commitment to employees, McCormick offers a wide variety of benefits, programs, and services. Benefits include, but are not limited to, tuition assistance, medical, dental, vision, disability, group life insurance, 401(k), profit sharing, paid holidays, and vacations.

Operates under general direction and supervision. The Cybersecurity Governance, Risk & Compliance (GRC) Sr. Analyst is a critical position within the team and has risk and compliance responsibilities from a technology and security perspective across the organization globally. This position will work as a member of the Information Security team at McCormick and guide the organization towards continuous compliance with industry laws, regulations, and frameworks. The individual will facilitate the development and implementation of security, risk, and compliance best practices and is a key influencer in driving governance, risk, and compliance (GRC). The Sr. Analyst will act as a subject matter expert for enterprise controls and must communicate effectively with end users, business partners, team members and Leadership to help raise the culture of Compliance. The candidate will review the design of existing controls and offer ideas on improving and consolidating those controls, educating, and informing others within the organization, and identifying opportunities for improvements in existing processes.

This position will have the opportunity to enhance our internal McCormick InfoSec program as well as contribute to IT GRC initiatives in project management, data privacy, information security, regulatory standards for cloud-based services/software and audits. The main objective of the Security GRC team is to deliver best in class Security Governance, Risk and Compliance, services to ensure that McCormick operates in a risk mitigated, security managed environment and that McCormick’s security compliance objectives are being met. Their responsibilities span McCormick’s global brand and subsidiaries and the internal applications, tools, and infrastructure that support them.

Key Responsibilities

• Responsible for the design and operating effectiveness of IT general controls, educating and informing others within the organization, and identifying opportunities for improvements in existing processes. Working closely with the entire Security GRC team and stakeholders across the organization, the Cybersecurity GRC Analyst II will be responsible for implementing, maintaining, and improving internal controls to assure compliance with applicable regulatory and legal requirements
• Support McCormick IT transformational projects, internal IT projects, and ad hoc internal control requests from partners across the Globe. Understand Internal Audit processes related to planning, testing, and reporting for both SOX and Audit projects. Perform testing activities related to SOX compliance, key audit objectives, data analytics, etc.
• Help develop, maintain, and deliver Security Awareness Training to all employees, contractors, and our affiliate strategic partners. Partner with operations, sales, supply chain, and ethics & compliance team(s) to complete cybersecurity questionnaires related to existing and prospect client vendor risk assessment leveraging desired experience with GRC tools to optimize.
• Partner effectively with Information Security, Platform, Application Management Services, HR, Legal, Internal Audit, and other internal peers to support McCormick’s compliance with applicable legal, regulatory, and security frameworks.

Qualifications

• Bachelor’s degree in Information Technology, Information Systems, Risk Management, Accounting or similar
• CISA, CISM, or CRISC preferred but not required
• 3-5 years of experience in IT Risk and Compliance environment or equivalent preferably with a concentration in the IT Governance domain
• Familiarity with common technology, project management, and control assessment frameworks (e.g., NIST, COBIT). Seeks constant improvement opportunities. Manage IT GRC – IT Security Management & Tools, from Workiva, KnowBe4, OneTrust, SharePoint, SAP GRC, RSA Archer and ServiceNow ITSM.

McCormick & Company is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.

As a general policy, McCormick does not offer employment visa sponsorships upon hire or in the future.