Job Description

Governance, Risk, and Compliance (GRC) Sr. Analyst

The IT and Digital team at WESCO has an exciting opening for a fast paced, entrepreneurial, individual who has a focus on process and lean work methodology. The information Security Team, specifically, the Governance, Risk, and Compliance Team, is seeking a colleague to join our team to perform a variety of Governance, Risk, and Compliance activities.
The GRC team handles a wide range of cross-functional activities, from security compliance certifications and audits, to risk management, vendor reviews, inbound due diligence, security education, policy and procedures, and more.
Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy.

A successful candidate for this role is someone who is detail oriented, data-driven, and experienced in policy writing. Someone who can manage competing priorities, translate regulatory requirements into solid and secure processes.

Additionally, you will oversee the execution of IT SOX controls, serve as a point-of-contact to WESCOs audit partners, and work with control owners to ensure design and operational effectiveness.

As a Sr. Compliance Analyst, you will:
* Review, update and author policies that adhere to industry best practice and meet compliance concerns (e.g. ISO, SOX, PCI, GDPR, Cyber Essentials Plus, Cloud Security Alliance, etc.)
* Conduct internal assessments for security risk and compliance
* Assist in the determination if gaps in security design or controls exist and provide recommendations for remediation or mitigating controls
* Develop, and report on security metrics
* Deliver security awareness training and phishing campaigns to enable a security aware organization
* Work with Audit to support necessary external assessments of the organization, such as ITs adherence to SOX or Securitys maturity
* Maintain a working knowledge of applicable compliance drivers (SOX, PCI, GDRP, CCPA, CMMC, etc.). and keep abreast of developing regulatory changes and assist in providing guidance to assess new requirements.

Required skills and experience for this role:
* Bachelor's Degree
* 7+ years experience in information security, compliance, internal audit or similar role
* Solid understanding of implementations of identity and access control, change management, vulnerability management, patch management, data loss prevention, SDLC, cloud technology, vendor management, business continuity and disaster recovery.
* Experience with and understanding of various privacy regulations (e.g. CCPA, GDPR, etc.) and information security management frameworks (e.g. NIST CSF, ISO 27001, CMMC, etc.)
* Experience performing security assessments
* Excellent written and verbal communication skills
* Strong multi-tasking skills and ability to juggle multiple projects
* A self-starter with a high level of initiative, attention to detail and ability to work independently and effectively under minimal supervision
* Ability to learn quickly and willingness to take ownership of new projects
* Ability to research and learn new regulations, compliance frameworks and information security technologies
* Experience delivering security awareness training
* Proven track record of cross-functional collaboration to remediate gaps, implement policies and procedures, assure external parties, and build security culture while keeping business needs top of mind
* Experience authoring information security policies, standards, and procedures

Preferred qualifications:

* CISSP, CISA or similar certification(s)
* Solid documentation skills - process maps, requirements documents, Visio diagrams, etc.

Click here to apply online

EB-7931344059

About WESCO

WESCO International, Inc. (NYSE: WCC), a publicly traded FORTUNE 500 holding company headquartered in Pittsburgh, Pennsylvania, is a leading provider of electrical, industrial, and communications maintenance, repair and operating (MRO) and original equipment manufacturer (OEM) products, construction materials, and advanced supply chain management and logistic services. Pro forma 2019 annual sales were approximately $17.2 billion, including Anixter International. The company employs approximately 18,900 people, maintains relationships with more than 30,000 suppliers, and serves more than 150,000 active customers worldwide. Customers include commercial and industrial businesses, contractors, government agencies, institutions, telecommunications providers, and utilities. WESCO operates 11 fully automated distribution centers and approximately 800 warehouse/branch locations in North America and more than 50 countries around the world, providing a local presence for customers and a global network to serve multi-location businesses and multi-national corporations.

To see additional opportunities with Wesco, please visit their careers site at: www.wesco.com/careers