GRC Analyst (in-office)

Description

HYDAC is a family-owned and operated business with a vibrant and rewarding working environment for our employees across the country. Our goal is to provide quality products, components and services that meet our customer expectations while being committed to the protection and preservation of our environment. HYDAC’s passionate team designs and manufactures a comprehensive line of innovative and reliable solutions optimized for any demand our customers require. 

The GRC Analyst will join an organization with flat hierarchies, high dynamics, and quick decisions. You will become a member of a young and dedicated team. In this role, you will be a subject matter expert in the team as well as in the whole organization for the continuous development of our Information Security Management System, and its rollout to other HYDAC entities. Furthermore, you will be responsible for internal ISMS audits according to country specific standards such as TISAX, ISO2700x and NIST. You will report to Information Security Manager located in the USA, while assisting the global team. The position will require up to 25% travel including the possibility of international travel.

You will make an impact in this role by:

• Support the further development of the information security management system (ISMS).
• Create and maintain the information security guidelines and concepts together with the IT security team.
• Support the development and maintenance of information security policies, procedures, standards, controls, and other related documents.
• Creation of threat and risk analyses.
• Coordinate updates to training materials that support the information security policies and procedures.
• Setup of training schedules for all Employees and provide KPI’s on completion and success.
• Carry out internal TISAX, ISO2700x, NIST (CMMC) and ISMS audits worldwide.
• Coordinate and lead interactions with internal and external cyber security auditors.
• Support cyber security maintenance and continuous improvement activity identified through internal processes or cyber security related audits.
• Coordinate interactions with internal and external cyber security auditors.
• Support reporting related to information security key performance indicators and status reporting.
• Support business continuity planning, cyber security incident response and management. Coordinate incident response plan creation and updates.
• Support the enterprise as an information security subject matter expert.
• Execute control activities to evidence our compliance with IT controls.
• Consult management, teams, and individuals to provide strategic and tactical direction regarding enterprise information security requirements, policies, procedures, and standards.
• Assist with the operational duties of the ISMS team.
• Perform other duties as assigned.

Requirements

To be considered for the GRC Analyst role, you must have the following minimum qualifications:

• Successfully completed a degree in computer science, IT security, engineering or comparable professional experience.
• You also have a high affinity for information security.
• Ideally, you have already gained experience in conducting audits (TISAX, NIST/CMMC, ISO27001).
• Team player and the ability to work effectively in an interdisciplinary team.
• Effective interpersonal and customer relationship skills.
• English fluently, German is a plus.

Due to access to government customer information, US citizenship is required.

This is an in-office position in Bethlehem, PA. Relocation is not offered for this position.

HYDAC offers employees a comprehensive medical/dental/vision plan, paid holidays, PTO, 401k with company matching, FSA account, short term disability and life insurance, and pet insurance. 

Click the “apply” button to be considered for this opening!

HYDAC is committed to providing equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.