India: Governance, Risk & Compliance Analyst

At H&P, our people are our strength.

The IT Governance, Risk and Compliance Analyst is the primary representative for H&P on all aspects of IT risk and IT audit compliance activities. This position will interface regularly with key stakeholders across the company to obtain remediation plans for risks and audit activities, track those remediation plans, gather evidence that the activities were completed successfully, and update IT Risk management metrics and KPIs.

Job duties include, but are not limited to:

• Provide continuous assessment and analysis of trends relating to risk, internal and external threats, control gaps, and unauthorized exposure of company assets to leadership. Meet with stakeholders to inform them of issues, assess appropriate mitigation and /or remediation activities, and track the agreed upon progress of those activities
• Monitor industry regulatory environment, and closely related or connected industries, for changes and impacts that may affect H&P’s IT, Cybersecurity, and Data Governance efforts. Assess the associated risks for the organization and provide timely recommendations and reporting
• Provide direct support, as required, for IT and Cybersecurity related compliance efforts, to ensure a culture of continuous improvement and the ability to meet H&P’s compliance requirements
• Perform third-party risk assessments of our partners, vendors, and contractors
• Coordinate organizational responses to standardized assurance questionnaires on behalf of our customers and partners
• Ensure all Cybersecurity programs and activities, to include but not limited to, Cyber Incident Response, Cyber Risk Management, Threat Management, Patch and Vulnerability Management, etc. meet or exceed best practice standards as outlined in IADC guidelines and standards, IEC 62443, NIST Cybersecurity Framework (CSF), NIST SP 800-53, and other related or applicable documentation
• Work directly with Cybersecurity management in the development, tracking and reporting of Cybersecurity metrics and KPIs for IT Risk operational concerns, operational and risk tracking for management, and risk trending for Executive Leadership
• Work with management to develop and maintain policies to define governance for both information technology (IT) and operational technology (OT) assets.
• Experience with technical writing to document IT and OT processes within policies and standard operating procedures.
• Leverage metrics and KPIs, to provide leadership and cross-functional teams with actionable recommendations for improvements to systems, processes, and / or procedures that will reduce overall enterprise risk associated with computing or networking systems; and continue to drive overall behavioral changes that result in a “cyber aware” culture at H&P
• Assist, as necessary, in the development, maintenance, and oversight of Cybersecurity related policies, procedures, standards, and associated documentation
• Demonstrate the H&P Company Values: Actively C.A.R.E., Service Attitude, Innovative Spirit, and Teamwork

Qualifications:

• Minimum of 3+ years of experience in auditing, risk management, oversight and reporting, or related activities. Preferably in the IT or other technical space
• Bachelor’s Degree in Computer Science, MIS, Cybersecurity or Information Assurance or equivalent
• Experience and knowledge of common regulatory and risk related frameworks such as NIST CSF, NIST SP 800-171, NIST SP 800-39, ISO27001/2, SOX, COBIT, ITIL, CIS, IEC 62443 etc.
• Experience performing or directly supporting risk assessments (internal and external), threat and vulnerability assessments, and related activities
• Working knowledge of operating systems (Windows, Linux, OSX, etc.), business applications, logging, virtualization technologies; and related server, networking, and workstation protocols and security issues
• Proven ability to gather and analyze IT Risk data and provide guidance in acceptable remediation activities
• Experience working within teams and with external (corporate and third-party) groups, preferably within an IT operations environment
• Highly motivated, self-starting individual with ability to multi-task and manage to timelines with limited supervision in a fast paced and agile environment
• Proven strong oral and written communication / presentation skills to a broad range of employees. Ability to clearly communicate and articulate technical details to IT and Engineering personnel, but also simplify explanations for non-technical individuals and executives
• Strong interpersonal skills that establish and sustain close working relationships with functional teams and subject matter experts both internal and external to IT

Thank you for your interest in joining our team!